“Security is a process, not a product”

“Security is a process, not a product. Specifically, it is the process of identifying bugs and patching them before your adversary identifies them and exploits them. Since you can’t be assured that this will happen, it’s also the process of discovering when your adversary has found a vulnerability before you and exploited it, rooting the adversary out of your system and repairing the damage they did.”

 – Cory Doctorow