A whitepaper researching how industry understands the phrases “security by design” and “security by default” with an eye towards future standardization and regulation from government actors like CISA. There’s also a podcast interview with the authors.
I submitted another paper from the same series six months ago. I’m submitting this one for the same reasons: I think it’s really interesting to see the industry from an outsider’s perspective, and these kinds of whitepapers contribute to the government’s understanding for future actions.
Do you have a take on the paper’s conclusions?
I’m not any kind of expert on security, especially not at scale, or government regulation, so my opinion isn’t worth much here. I do hope that “security by design” doesn’t get co-opted into a bureaucratic checklist far from or even opposed to a productive definition, but that’s always a risk with the regulation. The paper’s open questions seem like they’re well-informed and worth answering, so I guess my take is that I’m cautiously optimistic about the path to improving industry practices.