7.1. Follow Good Security Design Principles

Saltzer [1974], and later Saltzer and Schroeder [1975], list the following principles for designing secure programs, which are still valid:

A good overview of various design principles for security is available in Peter Neumann's Principled Assuredly Trustworthy Composable Architectures. For examples of complete failures to consider these issues (not limited to information technology), see the "winners" of Privacy International's "Stupid Security" Competition.