How to tell that someone works in software security: when they evaluate software options, they don't look for the software without any security issues, but for the one whose security issues most credibly look like genuine oversights rather than negligence