Given the credible estimate that we've spent $1 trillion on anti-terrorism security

The user's going to pick dancing pigs over security every time.

A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography

Metadata equals surveillance; it's that simple.

The question to ask when you look at security is not whether this makes us safer, but whether it's worth the trade-off.

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.

Microsoft knows that reliable software is not cost effective. According to studies, 90% to 95% of all bugs are harmless. They're never discovered by users, and they don't affect performance. It's much cheaper to release buggy software and fix the 5% to 10% of bugs people find and complain about.