Secure By Default

There might be another page on this wiki that describes a similar pattern. SafeByDefault??

The idea is to be secure by default - but if in exceptional cases one needs to escape security, there are ways out.

Examples of This Pattern

• OpenBsd follows a philosophy that aims for an extremely secure OS by default.
• if using fpc and qomp, choosing {$GOTO OFF}, {$RANGECHECKS ON}, {$CHECKPOINTER ON} options encourages safer and more secure default code
• Ada, Spark, and friends are considered more secure and safe by default (but also considered baroque and complex which may cause security issues itself)
• Programming using contracts may be more secure and safe by default (see also EiffelLanguage)
• Avoiding excessive use of pointers where cleaner alternatives exist may be more secure and safe (reduce chance of overflows, overruns, dangling pointers)
• CapabilityUserInterface demands that security be the PathOfLeastResistance.

People and Personalities

People who prefer SecureByDefault discourage premature optimization. Optimization freaks worry about speed before security and safety (and sometimes even correctness). For example a speed freak might complain that range checks are too slow, and that his goto statements are faster than structured code. In fact, often secure code leads to better code - which may even be faster. Code that does not crash or get broken into is also faster in a sense that the system may not break as often (crashes and security breaches can cause a program to slow down.. consider a DenialOfService Attack).