So I wrote a little draft essay on Secure By Default and opened it for
comment. I think one thing that we maybe forget in our community is that
some of the more fundamental bases of what we do never make it up to
policy-world. Langsec being the primary example. But also there's a huge
body of work in TAOSSA, Shellcoders, every offensive conference talk, etc.
that never gets put into context anywhere but in our clique.
Obviously feel free to just comment in-thread if you prefer, even if you
work at CISA:
https://mastodon.social/@dave_aitel/111779922142416342
Thanks,
Dave