What is security by design and how
I am not a novice in the cybersecurity domain, nor in the software security area, but the first time I heard about secure by design (SbD) was just last year. It seems to be a “buzzword” that is being used everywhere: people talk about it and quote it (even when the one quoting SbD has no idea what it is). Nowadays, cybersecurity has become a hot topic everywhere. In the era of digital transformation and the Industry 4.0 wave, it becomes more and more critical. I do not intend to give any statistics about security problems or breach reports, but indeed, right now the situation is more serious. Unluckily, many companies underestimate security issues, or they are not aware of how urgent it is. It’s too late to lock the stable when the horse has been stolen. Obviously, there are many approaches to “lock the stable”: tons of best practices, standards, strategies, or sets of products which support you in doing that, e.g. ISO 27000, the security development lifecycle, security patterns, DevSecOps (I will blog about this later). Secure by design (SbD) is a set of approaches, rather than a standard, as will be pointed out. When it’s called an “approach”, that means there is no standard for it, so in this post I will give some of my perspectives on SbD.
## What the heck is SbD?

So, as the name already says, secure by design is making the software system more secure starting from the design of the software :-) really. For example, when you design a house, you have to think about the locks, the materials, and many other things which will at least challenge your thieves. As mentioned above, SbD is a set of approaches which could help to make the design more secure. Wikipedia defines it as: “Secure by design, in software engineering, means that software products and capabilities have been designed to be foundationally secure.” In this post, I would separate it into more concrete approaches, which are:
- Defense in Depth
- Risk-based Security
- Holistic Security
- Resilient Security
- Organized Security
- Transparent Security