Quiz Entry - updated: 2026.07.14
What are the core secure design principles?
Least Privilege, Defense in Depth, Minimize Attack Surface, Keep it Simple, Fail Securely, Traceability, Segmentation, Encrypt Everywhere, Use Proven Solutions, Defensive Programming.
* The core secure-design principles (Saltzer & Schroeder-rooted) fanning out from one centre. *
10 foundational principles for secure architecture:
| # | Principle | One-liner |
|---|---|---|
| 1 | Least Privilege | Grant only minimum necessary permissions |
| 2 | Defense in Depth | Multiple independent security layers |
| 3 | Minimize Attack Surface | Disable unused features, close unnecessary ports |
| 4 | Keep it Simple | Complex systems have more bugs |
| 5 | Fail Securely | When errors occur, deny access by default |
| 6 | Ensure Traceability | Log security events (never log sensitive data) |
| 7 | Segmentation | Isolate components to limit breach impact |
| 8 | Encrypt Everywhere | Protect data in transit and at rest |
| 9 | Use Proven Solutions | Don't roll your own crypto |
| 10 | Defensive Programming | Validate all inputs, handle all errors |
Go deeper:
Saltzer & Schroeder — Protection of Information in Computer Systems — the 1975 paper that originated least privilege, fail-safe defaults, economy of mechanism.
OWASP Developer Guide — Security Principles — modern restatement (defense in depth, least privilege, fail securely).