Put simply, most people believe that the weakest link in the security supply chain is the user. This attitude has become so widely accepted that it’s almost set in stone. It is justified by the inherent unpredictability of humans; the knowledge that a security hole in any application or codebase is fully discoverable and fixable; and the difference between ‘machine’ error and human error. Human error is inherently random; a lapse in attention or judgement can occur at any time, often with seemingly no context to prompt it.