Ah, so when talking about controls effectiveness you'd have fewer/no qualms about considering the probability of control failure under the assumption that the event it's against is occurring?
> I think the same safety lesson applies to security: improbable things happen all the time. It's more important to have robust failure modes.
The place where I don't see how to apply this is with code changes/code review -- after all, any controls that are implemented in your codebase can be negated by changes to it, which might be improperly reviewed.