Secure by design

Secure by design, in software engineering, means that software products and capabilities have been designed to be foundationally secure.

Alternate security strategies, tactics and patterns are considered at the beginning of a software design, and the best are selected and enforced by the architecture, and they are used as guiding principles for developers.^[1] It is also encouraged to use strategic design patterns that have beneficial effects on security, even though those design patterns were not originally devised with security in mind.^[2]

Secure by Design is increasingly becoming the mainstream development approach to ensure security and privacy of software systems. In this approach, security is considered and built into the system at every layer and starts with a robust architecture design. Security architectural design decisions are based on well-known security strategies, tactics, and patterns defined as reusable techniques for achieving specific quality concerns. Security tactics/patterns provide solutions for enforcing the necessary authentication, authorization, confidentiality, data integrity, privacy, accountability, availability, safety and non-repudiation requirements, even when the system is under attack.^[3] In order to ensure the security of a software system, not only is it important to design a robust intended security architecture but it is also necessary to map updated security strategies, tactics and patterns to software development in order to maintain security persistence.

^ Santos, Joanna C. S.; Tarrit, Katy; Mirakhorli, Mehdi (2017). A Catalog of Security Architecture Weaknesses. 2017 IEEE International Conference on Software Architecture Workshops (ICSAW). pp. 220–223. doi:10.1109/ICSAW.2017.25. ISBN 978-1-5090-4793-2. S2CID 19534342.
^ Dan Bergh Johnsson; Daniel Deogun; Daniel Sawano (2019). Secure By Design. Manning Publications. ISBN 9781617294358.
^ Hafiz, Munawar; Adamczyk, Paul; Johnson, Ralph E. (October 2012). "Growing a pattern language (For security)". Proceedings of the ACM international symposium on New ideas, new paradigms, and reflections on programming and software. pp. 139–158. doi:10.1145/2384592.2384607. ISBN 9781450315623. S2CID 17206801.

[1] Santos, Joanna C. S.; Tarrit, Katy; Mirakhorli, Mehdi (2017). A Catalog of Security Architecture Weaknesses. 2017 IEEE International Conference on Software Architecture Workshops (ICSAW). pp. 220–223. doi:10.1109/ICSAW.2017.25. ISBN 978-1-5090-4793-2. S2CID 19534342.

[2] Dan Bergh Johnsson; Daniel Deogun; Daniel Sawano (2019). Secure By Design. Manning Publications. ISBN 9781617294358.

[3] Hafiz, Munawar; Adamczyk, Paul; Johnson, Ralph E. (October 2012). "Growing a pattern language (For security)". Proceedings of the ACM international symposium on New ideas, new paradigms, and reflections on programming and software. pp. 139–158. doi:10.1145/2384592.2384607. ISBN 9781450315623. S2CID 17206801.

[1]

[2]

[3]