This is not yet coherent. It is meant to capture the notion of attack surface and describe system security in terms thereof.

I use “gullibility” here in a somewhat technical sense, which I explore here. Programs often run in an environment where they can wield some authority. That authority might be just enough to do what they were designed to do, but more commonly it is much more than they need. Gullibility problems arise even when programs have no excess authority.

Sometimes a program behaves just as the programmer benignly intended and as designed, but it is installed and empowered by those who did not understand its behavior and requirements.

Often part of a program's purpose is to attenuate the authority it has. There are two sorts of authority that a program may be unwilling to use at the arbitrary command of those able to communicate with it: