Computer security is particularly challenging because it imposes negative constraints on a computer, for example: “No buffer can be overflowed.” Arguably, making a computer correctly do what it is designed to do is hard enough. In computer security, and specifically in the area of security mitigations, the problem is to prevent a computer from doing a subset of what it is (unintentionally) designed to do. This is even harder. One strategic approach to computer security is the conversion of negative requirements to positive enforceable rules, by for example, using programming strategies that make computer programs more dependable and more resistant to subversion. However, in this approach, the same developer who is responsible for introducing code defects is asked to follow various coding rules. Inevitably, in the same way that occasionally a code defect creeps in, occasionally a developer will neglect to follow one of the coding rules.