As I use #Subplot, I realize it can be important to be specific and careful about what one requires. Often it's easier to specify a "proxy requirement" rather than the thing one actually needs, but this can lead people astray. Example: it's hard to automate verification of "encrypts data strongly", but "encryption is not ROT13" is easy, so you make that the requirement. However, then almost any encryption implementation passes tests, can if it's ROT26.