Principle 1: Securing the weakest
Principle 2: Defense in depth
Principle 3: Secure failure
Principle 4: Least privilege
Principle 5: Compartmentalization
Principle 6: Simplicity
Principle 7: Promote privacy
Principle 8: Hard to hide secrets
Principle 9: Be Reluctant to Trust
Principle 10: Use Community Resources
Principle 11: Minimize Attack Surface
Principle 12: Don’t mix data & code
Principle 13: Clearly Assign Responsibilities
Principle 14: Identify Your Assumptions
Principle 15: Audit Your System
Principle 16: Have Good Usability