Possible security stances:
"Everything not explicitly permitted is forbidden" -- improves security at a cost in functionality. This is a good approach if you have lots of security threats. See secure computing for a discussion of computer security using this approach.
"Everything not explicitly forbidden is permitted" -- allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible. See computer insecurity for an example of the failure of this approach in the real world.
please list other valid security stances here