TY - JOUR
T1 - SoK
T2 - The design paradigm of safe and secure defaults
AU - Ruohonen, Jukka
N1 - Publisher Copyright:
© 2025
PY - 2025/5
Y1 - 2025/5
N2 - In security engineering, including software security engineering, there is a well-known design paradigm telling to prefer safe and secure defaults. The paper presents a systematization of knowledge (SoK) of this paradigm by the means of a systematic mapping study and a scoping review of relevant literature. According to the mapping and review, the paradigm has been extensively discussed, used, and developed further since the late 1990s. Partially driven by the insecurity of the Internet of things, the volume of publications has accelerated from the circa mid-2010s onward. The publications reviewed indicate that the paradigm has been adopted in numerous different contexts. It has also been expanded with security design principles not originally considered when the paradigm was initiated in the mid-1970s. Among the newer principles are an “off by default” principle, various overriding and fallback principles, as well as those related to the zero trust model. The review also indicates problems developers and others have faced with the paradigm.
AB - In security engineering, including software security engineering, there is a well-known design paradigm telling to prefer safe and secure defaults. The paper presents a systematization of knowledge (SoK) of this paradigm by the means of a systematic mapping study and a scoping review of relevant literature. According to the mapping and review, the paradigm has been extensively discussed, used, and developed further since the late 1990s. Partially driven by the insecurity of the Internet of things, the volume of publications has accelerated from the circa mid-2010s onward. The publications reviewed indicate that the paradigm has been adopted in numerous different contexts. It has also been expanded with security design principles not originally considered when the paradigm was initiated in the mid-1970s. Among the newer principles are an “off by default” principle, various overriding and fallback principles, as well as those related to the zero trust model. The review also indicates problems developers and others have faced with the paradigm.
KW - Fail-safe defaults
KW - Scoping review
KW - Security design principles
KW - Security engineering
KW - Systematic mapping study
U2 - 10.1016/j.jisa.2025.103989
DO - 10.1016/j.jisa.2025.103989
M3 - Journal article
AN - SCOPUS:85218625528
SN - 2214-2134
VL - 90
JO - Journal of Information Security and Applications
JF - Journal of Information Security and Applications
M1 - 103989
ER -