Every component a product ships becomes something customers must configure, patch, and defend. WordPress illustrates this, with 90-96% of its security issues originating in plugins because its architecture gives every plugin unrestricted access to the entire system. Self-hosted databases need replication, backups, and version upgrades, while container platforms need network policies, image scanning, and cluster maintenance. Each added component expands both operational load and attack surface.

Modern architectures are changing what products require customers to run:

* Cloudflare's EmDash reimagines WordPress as a serverless CMS with no PHP runtime, no customer-managed database, and sandboxed extensions that must declare specific capabilities such as "read:content."
* WireGuard's implementation fits in roughly 4,000 lines of kernel code, small enough for one person to audit.
* Tailscale builds on WireGuard so devices connect without customers running servers, opening ports, or rotating certificates.

The security improvements came from eliminating components rather than layering new controls on top.

For builders, that shifts the question from "what controls should we add?" to "what can we simplify?" A platform service can replace a customer-managed database, a capability declaration can replace unrestricted plugin access, and a safe default can replace an opt-in checkbox. Each removal shrinks both what customers must maintain and what attackers can target.

For my full article, see:
https://zeltser.com/modern-design-security

#infosec #cybersecurity #securebydesign #productsecurity

🔐 eBook Alert: The Unique Challenges of Securing #ConnectedDevices

Whether you're building smart medical devices, industrial control systems, or next-gen consumer tech, this guide is packed with actionable insights 👉 https://hubs.ly/Q03rhxvJ0

#IoTSecurity #ProductSecurity

The year 2025 is slowly coming to an end.

End of years can be joyful and relaxing, exciting and wholesome, full of reflection and gaining energy for the new year. This time can also be lonely and sad, incredibly stressful and terribly difficult to navigate, with folks barely making it through.

Let's be mindful and considerate - and help each other to move the needle. Now and in 2026. 💜

#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity [lisi]

You're curious how the past editions of #osco turned out? We've got you covered! 🙌🏻

🎉 This was #osco25! Check out our recap: https://2025.opensecurityconference.org/conference/recapitulation/
💜 Gain impressions from all conferences: https://opensecurityconference.org/about/past-conferences/
✅ Save the dates for #osco26 on November 5-8, 2026! 😉

#CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

We love sharing resources that will help our AppSec community!! New eBook Alert: The Unique Challenges of Securing #ConnectedDevices

Whether you're building smart medical devices, industrial control systems, or next-gen consumer tech, this guide from Finite State is packed with actionable insights 👉 https://hubs.ly/Q03rhxvJ0

#IoTSecurity #ProductSecurity

Yes. Yes, you've seen correctly. There's going to be an Open Security Conference 2026! 😍

🗓 Save the dates: November 5-8, 2026. ✅

https://opensecurityconference.org/

#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

It's the last day, the last morning of the Open Security Conference 2025. We've learned so much together these days. Now's the time to go deeper into some of those topics, spend the rest of the time for networking, relax and breathe this community spirit.

We're very much looking forward to seeing lots of these folks again in 2026. 😊

https://opensecurityconference.org/

#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

That was so fast - the second open space at the Open Security Conference 2025 is already coming to an end. We're all coming together to reflect, think about sessions for the evening and also our last day tomorrow.

Well, it's not over yet! 💜

https://opensecurityconference.org/

#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

Aaaaand it's another full day of open space at the Open Security Conference 2025! Participants just started to present their session ideas for today. Oh the tension, we're super curious what we'll all learn today! 😁 Yet one thing is for sure - whatever it is, it'll be in the common interest for folks. One of the beauties of an open space. 🌻

https://opensecurityconference.org/

#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]

What a day. Already learned so much from this crowd - "be ready to be surprised" really holds true every time at #OpenSpace conferences like ours! 🌟

Off for dinner, afterwards the evening fun will start. 😁

https://opensecurityconference.org/

#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]