Security by Design

The “Security by Design” project is a multiyear initiative with the objective of creating a density of work product in the area of software design security. This project evaluates several elements of software security, from the secure-by-design and secure-by-default principles to how legal and policy processes could require or incentivize security by design from software developers. It features long-form research papers, articles, podcast interviews and documentation on these questions.

Latest in Security by Design

Published by The Lawfare Institute in Cooperation With

Security by Design: An Annotated Resource List

Reganne Hardy Eugenia Lostri Justin Sherman

Feb 28, 2024

A point-in-time effort to capture relevant government documents, guidelines, corporate practice, and analysis on the subject of security by design.
The Difficulties of Defining “Secure-by-Design”

Scott J. Shackelford Craig Jackson Scott Russell , +3

Feb 6, 2024

New survey findings and efforts to identify the most impactful security controls underscore the need for an empirical approach to defining—and promoting—security-by-design.
It’s Morning Again in Pennsylvania: Rebooting Computer Security Through a Bureau of Technology Safety

Andrea Matwyshyn

Jan 30, 2024

In order to escape the computer security bootloop, Congress can create a new technology safety regulator of last resort—the Bureau of Technology Safety (BoTS).
The Lawfare Podcast: Jim Dempsey on Standards for Software Liability

Stephanie Pell Jim Dempsey

Jan 24, 2024

What should a software liability regime look like?
Standards for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor

Jim Dempsey

Jan 23, 2024

A proposed system intended to respond to the criticism that software security is context dependent, to minimize the cost of litigation, and to incentivize improvements in software security.
The Lawfare Podcast: Three CISA Senior Advisers on Secure by Design

Paul Rosenzweig Jack Cable Bob Lord , +2

Dec 22, 2023

What is Security by Design?
Shields Up For Software

Derek E. Bambauer Melanie J. Teplinsky

Dec 19, 2023

As the Biden administration seeks to develop software liability legislation, consider a regime that incorporates one safe harbor and one “inverse safe harbor.”
Who’s Afraid of Products Liability? Cybersecurity and the Defect Model

Chinmayi Sharma Benjamin C. Zipursky

Oct 19, 2023

The law of products liability has the flexibility and sophistication to anchor the legal liability portion of Biden’s National Cybersecurity Strategy.
Announcing a New Lawfare Project on ‘Security by Design’

Benjamin Wittes Paul Rosenzweig

Aug 28, 2023

The multiyear project will evaluate the elements of this strategic approach to software security.