{"title":"SoK: The design paradigm of safe and secure defaults","authors":"Jukka Ruohonen","doi":"10.1016/j.jisa.2025.103989","DOIUrl":null,"url":null,"abstract":"<div><div>In security engineering, including software security engineering, there is a well-known design paradigm telling to prefer safe and secure defaults. The paper presents a systematization of knowledge (SoK) of this paradigm by the means of a systematic mapping study and a scoping review of relevant literature. According to the mapping and review, the paradigm has been extensively discussed, used, and developed further since the late 1990s. Partially driven by the insecurity of the Internet of things, the volume of publications has accelerated from the circa mid-2010s onward. The publications reviewed indicate that the paradigm has been adopted in numerous different contexts. It has also been expanded with security design principles not originally considered when the paradigm was initiated in the mid-1970s. Among the newer principles are an “off by default” principle, various overriding and fallback principles, as well as those related to the zero trust model. The review also indicates problems developers and others have faced with the paradigm.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 103989"},"PeriodicalIF":3.7000,"publicationDate":"2025-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000274","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
In security engineering, including software security engineering, there is a well-known design paradigm telling to prefer safe and secure defaults. The paper presents a systematization of knowledge (SoK) of this paradigm by the means of a systematic mapping study and a scoping review of relevant literature. According to the mapping and review, the paradigm has been extensively discussed, used, and developed further since the late 1990s. Partially driven by the insecurity of the Internet of things, the volume of publications has accelerated from the circa mid-2010s onward. The publications reviewed indicate that the paradigm has been adopted in numerous different contexts. It has also been expanded with security design principles not originally considered when the paradigm was initiated in the mid-1970s. Among the newer principles are an “off by default” principle, various overriding and fallback principles, as well as those related to the zero trust model. The review also indicates problems developers and others have faced with the paradigm.
期刊介绍:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
