Security as a first-class requirement, accurately implemented.

Security must be designed into a system and stay top-of-mind throughout system development. As the system evolves, modern teams utilize automation, documented best practices, security audits, threat assessments, penetration testing, and other mechanisms to ensure the resulting product is secure.

All developers are aware of the security threat model for the device, the strategy to mitigate these threats, and are able to validate the security of the system at any time.

All developers have a general understanding of common security vulnerabilities such as the OWASP Top 10 and vulnerability databases.

Code is automatically scanned for discovered vulnerabilities. When one is discovered, a defined process procedes in which stakeholders are alerted and a fix is implemented, tested, and pushed to devices quickly and reliably.