Secure by design vs by default which software development concept is better?

As cybersecurity professionals, we need to know that the software products we acquire are safe and able to support or accommodate the procedures and tools we use to keep attackers at bay while performing their given functions. With attacks perennially on the rise and the software supply chain remaining as vulnerable as ever, there is momentum gathering to see two major concepts enshrined in the software development process: secure by design and secure by default.

But what exactly is the difference between the two? Is one more important than the other or more likely to succeed, or do we need both? There are key differences between secure-by-design and secure-by-default, both technically and in the market and supply-chain sense, which are worth discussing.

The concept of secure-by-design software is far from new and reaches back more than 50 years to sources such as The Ware Report. We’ve seen a recent resurgence in support for the concept, led primarily by the Cybersecurity and Infrastructure Security Agency (CISA), which has published several guides on the topic, as well as alerts, and a voluntary pledge that companies have signed.

Secure-by-default software is created with safeguards and security postures in mind throughout the development process, striving to avoid the age-old practice of “bolting on” security after the fact.

CISA has thrown its support behind this concept with the assumption that technology has historically been inherently insecure by design, because vendors prioritized competing interests such as speed to market, revenue, features, and profits over security, with the systemic risks passed downstream to customers, consumers, citizens, and society. This has often left customers needing to patch, harden, configure, and address inherent product weaknesses and vulnerabilities, or risk falling victim to security incidents.

According to CISA, “secure-by-design means that technology products are built in a way that reasonably protects against malicious cyber actors successfully gaining access to devices, data, and connected infrastructure.” Vendors following secure-by-design principles have integrated secure development practices such as NIST’s Secure Software Development Framework (SSDF) into their system/software development lifecycle, and they integrate activities such as threat modeling throughout, including at deployment.
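The contrast above, between a product the customer must patch, harden and configure and one that is safe as shipped, is easiest to see in a settings object. The example below is added here to illustrate that contrast; it is not code from the article, from CISA or from any named vendor. The two configuration classes, their setting names and the `audit` checks are hypothetical, and the default credential `"admin"` is a constructed placeholder. The secure variant makes the hardened state the no-effort outcome and forces every weakening through one named, reason-bearing opt-out, so that an unsafe setting can only appear deliberately and visibly.

```python
"""Secure-by-default configuration: an added illustration, not the page's code."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


# The "bolted on" pattern the article describes: the product is unsafe
# unless the customer remembers to harden each setting after install.
@dataclass
class LegacyServiceConfig:
    require_tls: bool = False
    admin_password: str = "admin"      # constructed placeholder shared default credential
    mfa_enabled: bool = False
    debug_endpoints: bool = True


# Secure by default: doing nothing yields the hardened state, and the only
# way to reach an unsafe value is an explicit opt-out that records a reason.
@dataclass
class SecureServiceConfig:
    require_tls: bool = True
    admin_password: Optional[str] = None   # None: must be set at first run, no shared default
    mfa_enabled: bool = True
    debug_endpoints: bool = False
    weakening_reasons: dict[str, str] = field(default_factory=dict)

    _WEAKENABLE = {
        "require_tls": False,
        "mfa_enabled": False,
        "debug_endpoints": True,
    }

    def weaken(self, setting: str, reason: str) -> SecureServiceConfig:
        """Move one setting to its unsafe value; refuses silent or unknown weakenings."""
        if setting not in self._WEAKENABLE:
            raise ValueError(f"unknown or non-weakenable setting: {setting}")
        if not reason.strip():
            raise ValueError("a weakening must state a reason")
        setattr(self, setting, self._WEAKENABLE[setting])
        self.weakening_reasons[setting] = reason   # visible in review and logs
        return self


def audit(config: LegacyServiceConfig | SecureServiceConfig) -> list[str]:
    """Return the findings a hardening review would raise for a configuration."""
    findings: list[str] = []
    if not config.require_tls:
        findings.append("transport not encrypted")
    if config.admin_password in ("admin", "password", ""):
        findings.append("default or empty admin credential")
    if not config.mfa_enabled:
        findings.append("MFA disabled for admin accounts")
    if config.debug_endpoints:
        findings.append("debug endpoints exposed")
    return findings


if __name__ == "__main__":
    # The legacy object is unsafe out of the box; the secure one is clean
    # until someone deliberately weakens it and says why.
    print("legacy:", audit(LegacyServiceConfig()))
    print("secure:", audit(SecureServiceConfig()))
    dev = SecureServiceConfig().weaken("debug_endpoints", "local development only")
    print("weakened:", audit(dev), dev.weakening_reasons)
```

The design point is that `audit` is the same for both classes; what differs is which state a customer reaches without doing any work. A secure-by-design product goes one step further than safe defaults by making the `weaken` path the only path, so the insecure value cannot be set by accident at all.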

How developers can follow secure-by-design principles

CISA provides a number of specific examples where secure-by-design development can be implemented:
