London, 20th & 21st May 2010, Westminster Conference Centre
Security by Design (SbD) is a principle to guide our way into a future in which advances in web computing hold great promise, but at the cost of expanding vulnerabilities and dependencies that are out of balance with the risks. It is also a principled discipline, one ingrained in the minds of engineers from the earliest stages (universities): SbD is not something left to others to add at some later point downstream in the supply chain; it must start at the beginning. Software assurance is one of those disciplines, for those whose job it is to develop the code that performs the functions that deliver a secure service within a secure network. This is the starting point, but not the sole effort needed. SbD also entails the prospect of something that the author is calling the "security stack". For those attending the conference this may seem like preaching to the choir, and so it is. The question is how to take these ideas from good theory into common practice. This is the topic that should concern us and that demands action.

























