It is usually after a disaster (small or big) that people start proclaiming:

• The application should NOT crash!
• The application should NOT block waiting for that downstream service!
• The application should NOT allow unauthorised access!

And similar statements describing what the application should NOT do instead of what it should.

After such a proclamation and since the statement, or at least the intention behind the statement is reasonable, people are left trying to figure out how to do that.