Sitting here on a cold, snowy day thinking about secure design principles. These are key to think about during the design phase of a feature/project.
- Complete Mediation (often written "total mediation") – every access to every resource must be checked against policy every time; never cache an earlier "yes" and reuse it, because the policy or the principal's state may have changed since
- Economy of Mechanism – keep the design and implementation as small and simple as possible; simple mechanisms are easier to review and easier to get right
- Fail-Safe Defaults – base access decisions on explicit permission rather than on exclusion, and when something fails or is unknown, deny
- Defense in Depth – layer independent controls so that defeating one of them does not defeat the system
- Open Design – the security of a system should not depend on secrecy of its design or implementation (Kerckhoffs's principle applied to systems); only keys and credentials should need to stay secret
- Psychological Acceptability – security mechanisms must not make resources harder to access than if they weren't there, or users will route around them
- Least Privilege – limit access to a system/feature to only those that *need* it, with only the permissions they need, for the shortest duration possible
- Separation of Privilege – require more than one condition or party for sensitive operations (two keys, two-person approval, a second factor), so that a single compromised credential or person isn't enough
- Minimize Attack Surface – expose fewer entry points, features, interfaces and privileges; anything you don't expose is something that can't be attacked
- Secure Defaults – the out-of-the-box configuration should be the secure one; weakening it should be a deliberate opt-in, not something the user has to discover and tighten
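To make a few of these concrete, here is a small Python resource gateway I wrote as an added example for this post (it is not code from the original post or from any particular product). It shows complete mediation (every request goes through `authorize()` and nothing is cached), fail-safe defaults (the decision starts at deny and an exception during the check also ends in deny), least privilege (grants are one action on one resource with an expiry), separation of privilege (destructive actions need a second, distinct approver) and a minimized attack surface (only actions in `KNOWN_ACTIONS` are recognized at all). The names `Gateway`, `Grant`, `Decision`, `KNOWN_ACTIONS` and the `/payroll` scenario are all made up for illustration.

```python
"""Hypothetical resource gateway illustrating secure design principles.

Added example for this post; names, policy and scenario are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Only these actions exist at the gateway at all (minimize attack surface).
KNOWN_ACTIONS = frozenset({"read", "write", "delete"})
# Destructive actions need a second, distinct principal (separation of privilege).
DUAL_CONTROL_ACTIONS = frozenset({"delete"})


@dataclass(frozen=True)
class Grant:
    """One principal may do one action on one resource until expires_at (least privilege)."""
    principal: str
    action: str
    resource: str
    expires_at: datetime


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class Gateway:
    """Every access to a resource is routed through authorize() (complete mediation)."""

    def __init__(self) -> None:
        self._grants: list[Grant] = []
        # (action, resource) -> set of principals who approved it
        self._approvals: dict[tuple[str, str], set[str]] = {}

    def add_grant(self, grant: Grant) -> None:
        if grant.action not in KNOWN_ACTIONS:
            raise ValueError(f"unknown action {grant.action!r}")
        self._grants.append(grant)

    def approve(self, approver: str, action: str, resource: str) -> None:
        self._approvals.setdefault((action, resource), set()).add(approver)

    def authorize(self, principal: str, action: str, resource: str,
                  now: Optional[datetime] = None) -> Decision:
        """Called on every request; the result is never cached.
        Fail-safe: any exception inside the decision logic is a denial."""
        now = now or datetime.now(timezone.utc)
        try:
            return self._decide(principal, action, resource, now)
        except Exception as exc:  # deliberately broad: fail closed, never open
            return Decision(False, f"denied: error during authorization ({type(exc).__name__})")

    def _decide(self, principal: str, action: str, resource: str,
                now: datetime) -> Decision:
        if action not in KNOWN_ACTIONS:
            return Decision(False, "denied: unknown action")
        # Start from DENY; only an exact, unexpired grant can flip it.
        live = [g for g in self._grants
                if g.principal == principal and g.action == action
                and g.resource == resource and g.expires_at > now]
        if not live:
            return Decision(False, "denied: no live grant")
        if action in DUAL_CONTROL_ACTIONS:
            # The requester's own approval does not count as the second key.
            others = self._approvals.get((action, resource), set()) - {principal}
            if not others:
                return Decision(False, "denied: second approver required")
        return Decision(True, "allowed")


def demo() -> dict[str, Decision]:
    """Constructed scenario; returns each decision keyed by the principle it shows."""
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    gw = Gateway()
    gw.add_grant(Grant("alice", "read", "/payroll", t0 + timedelta(hours=1)))
    gw.add_grant(Grant("alice", "delete", "/payroll", t0 + timedelta(hours=1)))
    # A naive (tz-less) expiry is a policy bug: comparing it with an aware 'now'
    # raises TypeError, which authorize() turns into a denial, not an allow.
    gw.add_grant(Grant("bob", "read", "/payroll", datetime(2099, 1, 1)))

    out = {
        "mediation_fresh": gw.authorize("alice", "read", "/payroll", t0),
        "mediation_expired": gw.authorize("alice", "read", "/payroll", t0 + timedelta(hours=2)),
        "least_privilege_other_resource": gw.authorize("alice", "read", "/hr", t0),
        "surface_unknown_action": gw.authorize("alice", "format-disk", "/payroll", t0),
        "sep_priv_single_key": gw.authorize("alice", "delete", "/payroll", t0),
    }
    gw.approve("alice", "delete", "/payroll")   # self-approval: still only one key
    out["sep_priv_self_approved"] = gw.authorize("alice", "delete", "/payroll", t0)
    gw.approve("carol", "delete", "/payroll")   # a second, distinct key
    out["sep_priv_two_keys"] = gw.authorize("alice", "delete", "/payroll", t0)
    out["fail_safe_on_error"] = gw.authorize("bob", "read", "/payroll", t0)
    return out


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label:32} {decision.reason}")
```

The point of the `bob` grant is the one people usually get wrong: the bug is in the policy data, not the checker, and a checker that let the exception propagate into a default-allow path would turn a data error into an access grant. Catching broadly and returning deny is the fail-safe choice here; log the exception, but never let it widen access.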
Any others you can think of?