Security Maxims from Roger Johnston. Funny, and yet a very good list. I found this link in Bruce Schneier’s blog.
ADDED 3 Nov 2004:
You can find the original list of security maxims on the Argonne Vulnerability Assessment Team (VAT) page. The VAT informed me that they prefer to have a direct link to the maxims page because that page is updated regularly. In addition, they want to avoid spreading outdated versions as much as possible.