In security engineering, your security stance is your default position on security matters.

Possible security stances:

"Everything not explicitly permitted is forbidden" -- improves security at a cost in functionality. This is a good approach if you have lots of security threats. See secure computing for a discussion of computer security using this approach.

"Everything not explicitly forbidden is permitted" -- allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible. See computer insecurity for an example of the failure of this approach in the real world.

please list other valid security stances here

See also: