So I wrote a little draft essay on Secure By Default and opened it for comment. I think one thing that we maybe forget in our community is that some of the more fundamental bases of what we do never make it up to policy-world. Langsec being the primary example. But also there's a huge body of work in TAOSSA, Shellcoders, every offensive conference talk, etc. that never gets put into context anywhere but in our clique.

Obviously feel free to just comment in-thread if you prefer, even if you work at CISA:
https://mastodon.social/@dave_aitel/111779922142416342

Thanks,
Dave