Assertion: we cannot, in general, write secure programs.  Security is a 
subset of correctness; correct programming is -- and will remain -- the 
oldest unsolved problem in computer science.  *All* non-trivial 
programs, including firewalls, operating systems, and privileged or 
networked applications, are and will remain insecure.  The challenge to 
security professionals is to design *systems* that will be "secure 
enough", despite the failure of many of the individual components.