The document discusses whether "OK" software security is good enough. It explores the current state of software security, including a focus on the OWASP Top 10 vulnerabilities and limitations of existing application security scanners. Different justification models are examined, such as building codes and restaurant inspections. Potential software security justification models are proposed, including categorizing vulnerabilities and tailoring responses based on limited resources. Throughout, it argues more needs to be done to improve software security, including creating incentives for better developer practices and coverage of attacks.