Infosec glossary

Secure by Design

Secure by design places security decisions early in product planning, architecture, and engineering. It asks manufacturers to reduce avoidable risk through the way a product is built instead of shifting routine safeguards to customers. The principle works with secure by default, which concerns the settings present when a product is first used.

Operating principle 5 min read By Infosec Writing Studio editorial team
01

Secure by design moves risk decisions into product development

Design choices can create or remove entire classes of risk before code reaches production. Examples include choosing memory-safe components, separating trust boundaries, limiting privileges, protecting secrets, requiring authenticated administrative access, and reducing exposed services.

Threat modeling helps teams identify assets, trust assumptions, entry points, abuse cases, and potential impacts while architecture can still change. Security testing remains necessary, but it does not substitute for decisions made during design.

02

Secure by design practices across the product lifecycle

Teams translate the principle into requirements, architecture reviews, dependency controls, code review, security testing, release criteria, telemetry, update mechanisms, and vulnerability handling. They also consider how a customer can deploy and operate the product without needing uncommon expertise to activate basic safeguards.

Lifecycle responsibility continues after release. Manufacturers need a process for receiving vulnerability reports, issuing fixes, communicating risk, and supporting safe updates throughout the supported product lifetime.

  • Security requirements and threat modeling
  • Architecture that limits trust and privilege
  • Engineering, dependency, and release controls
  • Vulnerability disclosure, updates, and support
03

Secure by design differs from secure by default

Secure by design concerns decisions made throughout planning, architecture, implementation, testing, and support. Secure by default means the initial configuration uses safer settings without requiring a customer to find and enable basic protections.

A product can satisfy one principle poorly while addressing the other. Strong architecture can still ship with risky default settings, while secure defaults cannot correct a feature whose design grants unnecessary privilege or exposes sensitive operations.