The security of quantum key distribution (QKD) is quantified by a parameter $\varepsilon>0$, which -- under well-defined physical assumptions -- can be bounded explicitly. This contrasts with computationally secure schemes, where security claims are only asymptotic (i.e., under standard complexity assumptions, one only knows that $\varepsilon \to 0$ as the key size grows, but has no explicit bound). Here we explain the definition and interpretation of $\varepsilon$-security. Adopting an axiomatic approach, we show that $\varepsilon$ can be understood as the maximum probability of a security failure. Finally, we review and address several criticisms of this definition that have appeared in the literature.