My new post maps the new CISA et al guidance on security-by-design and by-default to my new book that is out now (and omg breaking news it's officially out!!!!): https://kellyshortridge.com/blog/posts/security-by-design-default-software-resilience/
the tl;dr is that if you want to understand more of the "why" but also learn the "how" to implement #SecureByDesign and #SecureByDefault in practice, read these chapters:
* Chapter 3: Architecting & Designing
* Chapter 4: Building & Delivering
* Chapter 7: Platform #Resilience Engineering
#SecureByDesign #securebydefault #resilience
Secure by default is something all systems should do. Read up on the LastPass issue https://www.reviewgeek.com/137819/lastpass-security-breach-worse-than-initially-reported/ which referred to an article on its security settings which are not secure by default. https://www.reviewgeek.com/47843/i-switched-from-lastpass-to-1password-and-you-should-too/ #lastpass #cybersecurity #password #securebydefault
#securebydefault #password #cybersecurity #lastpass
:BoostOK: Just a friendly reminder to all developers that #security and #privacy configurations should be enabled by default and let the user opt-out if they understand the risks they're taking. Users should NOT have to opt-in to security and privacy when they first use your software. That is bad design and you leave your users vulnerable if they don't realize or understand it.
#security #privacy #securebydefault #privatebydefault