@v As a tester, I highly agree with:

  • Assume code is broken until proven otherwise.
  • Assume all input is malicious.