Is this about default configurations?
The principle of Secure by Default is key in engineering secure software. More of a specific instance of the Principle of Least Privilege, these vulnerabilities occurred because the default configuration of the system was an insecure one.
Developers are often faced with tough choices when it comes to defaults. Securing everything might mean turning off the very features that make your system useful. And usability is king when you're trying to make a first impression, so making the "getting started" as simple as possible is important. Security configuration is the opposite of simplicity, so striking a balance between secure defaults and streamlined usability is very tricky.
The Vulnerability History Project