The Vulnerability History Project

Lesson: Secure By Default

Is this about default configurations? The principle of **Secure by Default** is key in engineering secure software. More of a specific instance of the [:tag: Principle of Least Privilege](/tags/least-privilege), these vulnerabilities occurred because the default configuration of the system was an insecure one. Developers are often faced with tough choices when it comes to defaults. Securing _everything_ might mean turning off the very features that make your system useful. And usability is king when you're trying to make a first impression, so making the "getting started" as simple as possible is important. Security configuration is the opposite of simplicity, so striking a balance between secure defaults and streamlined usability is very tricky.


    There are no articles here... yet