My new post maps the new CISA et al guidance on security-by-design and by-default to my new book that is out now (and omg breaking news it's officially out!!!!): https://kellyshortridge.com/blog/posts/security-by-design-default-software-resilience/
the tl;dr is that if you want to understand more of the "why" but also learn the "how" to implement #SecureByDesign and #SecureByDefault in practice, read these chapters:
* Chapter 3: Architecting & Designing
* Chapter 4: Building & Delivering
* Chapter 7: Platform #Resilience Engineering
#SecureByDesign #securebydefault #resilience
Referenced link: http://go.dhs.gov/4G3
Originally posted by thaddeus e. grugq thegrugq@infosec.exchange / @thegrugq@twitter.com: https://twitter.com/CISAJen/status/1646482974827790339#m
RT by @thegrugq: 🚨We need to shift the bulk of the cybersecurity burden from consumers to those most able to bear it—software manufacturers. Check out this guide from @CISAGov & our Fed & International partners on #SecureByDesign principles: http://go.dhs.gov/4G3 Feedback welcome!
The only way to make security tenable is to build products that are designed to have a much smaller vulnerability surface than the status quo.
We can't keep playing an infinite game of whack-a-mole that we're destined to lose.
Approaches like memory safe languages (#rustlang) & end-to-end encrypted authenticated communication (#ockam) eliminate entire classes of security failures - reducing risk by orders of magnitude
Well written case:
https://www.foreignaffairs.com/united-states/stop-passing-buck-cybersecurity
#rustlang #ockam #SecureByDesign #security
RT @danbjson@twitter.com
Wow. I have been invited to speak at Javaforum Nov 24th on “What the log4j incident taught us about #SecureByDesign”.
The other speaker is Polhem-awarded, internet legend, curl creator @bagder@twitter.com 😳. Humbling company …