1. 8
    1. 4

      A whitepaper researching how industry understands the phrases “security by design” and “security by default” with an eye towards future standardization and regulation from government actors like CISA. There’s also a podcast interview with the authors.

      I submitted another paper from the same series six months ago. I’m submitting this one for the same reasons: I think it’s really interesting to see the industry from an outsider’s perspective, and these kinds of whitepapers contribute to the government’s understanding for future actions.

      1. 1

        Do you have a take on the paper’s conclusions?

        1. 2

          I’m not any kind of expert on security, especially not at scale, or government regulation, so my opinion isn’t worth much here. I do hope that “security by design” doesn’t get co-opted into a bureaucratic checklist far from or even opposed to a productive definition, but that’s always a risk with the regulation. The paper’s open questions seem like they’re well-informed and worth answering, so I guess my take is that I’m cautiously optimistic about the path to improving industry practices.
