Frequently Asked Questions

Who is this site for?

This site is for:

  • Software manufacturers looking to improve their security practices

  • Developers and product managers building and maintaining software

  • Executives and CISOs making investment decisions

  • Security researchers and PSIRTs identifying systemic issues

  • Policy makers and regulators shaping the future of software safety

  • Procurers and acquirers evaluating the security posture of products

  • Journalists and educators explaining cybersecurity to the public

No matter your role, if you care about making software safer for everyone, you’re in the right place.

What are the core principles of Secure by Design?

CISA’s Secure by Design whitepaper lists three core principles.

  1. Take ownership of customer security outcomes.
    Manufacturers—not customers—should bear the responsibility for preventing exploitation.

  2. Embrace radical transparency and accountability.
    Share root cause information, metrics, and architectural decisions that affect security.

  3. Lead from the top.
    Executive commitment and incentives should align with long-term security improvements, not short-term feature velocity.

Note that these principles are not about the technology, but about the factors that will lead to customer safety.

Is Secure by Design the same as Secure Software Development Life Cycle (SSDLC or SDL)?

Not exactly. SSDLC processes are important, but Secure by Design is about outcomes, not checklists. You can follow an SSDLC and still ship software with known classes of vulnerabilities. Secure by Design focuses on eliminating entire categories of flaws—like memory safety issues—rather than just reducing their likelihood.

What are “Unforgivable Vulnerabilities”?

In 2007, MITRE released a paper titled Unforgivable Vulnerabilities. The paper proposed a bold idea: some classes of software defects had become so well-understood, so easily preventable, and so persistently exploited that continuing to ship software containing them was no longer excusable. They called these “unforgivable vulnerabilities.”

This idea—almost two decades old—is still profoundly relevant today. In fact, it’s worth comparing the vulnerabilities MITRE flagged in 2007 against the most recent list of the CWE Top 25 Most Dangerous Software Weaknesses (2024).

Many of the same defect types appear on both lists, including:

  • Buffer overflows

  • Integer overflows

  • Format string vulnerabilities

  • Command injection

  • SQL injection

  • Cross-site scripting (XSS)

  • Hardcoded credentials

The continued presence of these weaknesses in the 2024 Top 25—despite the tools, languages, and practices available to prevent them—underscores MITRE’s original point. These vulnerability classes weren’t just dangerous in 2007. They remain unforgivable today.

Secure by Design thinking builds directly on this legacy. It recognizes that eliminating entire classes of vulnerabilities is not only possible, but necessary—and that software manufacturers have a responsibility to stop shipping known-bad patterns.

Secure by Design Story Cards

Coming soon: A 55-card deck packed with bite-sized lessons on Secure by Design software. Learn the concepts, one card at a time.