"Secure by Design" and “Secure by Default” embody the principle of designing systems and software to be inherently secure from the outset, minimising the need for additional security measures. It prioritises built-in safeguards, authentication protocols, and encryption by default, reducing vulnerabilities and enhancing overall resilience against potential threats. The Cybersecurity & Infrastructure Security Agency, along with nine other agencies released a whitepaper highlighting how manufacturers need to change.

This change in approach should kill the need for a "Hardening guide" and replaces it with a “Loosening guide”. This brings enormous benefits but also challenges for end users and integrators.

Developers naturally focus on the Secure by Design aspect as it affects how they work the most but that is not how to pitch it internally and externally.