Published December 5, 2023 | Version v1
Report Open

Defining security by design: A stakeholder's perspective

  • 1. Universiteit Leiden
  • 2. ROR icon Leiden University


Project leader:

  • 1. Universiteit Leiden
  • 2. ROR icon Leiden University


The "Cyber Security by Integrated Design" (C-SIDE) project aims to build a comprehensive tool to help software developers integrate all relevant angles related to legal, policy, governance, organisational, behavioural and technical views in software system security design. Part of the project consists of the re-conceptualization of security by design beyond the walls of technology. This report presents the results of a workshop held in Leiden (the Netherlands) experts in software development discussing the concept of SbD. The report offers a critical analysis of the current definition of SbD, an assessment of statements to foster a revision of the SbD concept, and considerations for a future proposal of an updated definition of SbD.



Files (857.7 kB)

Name Size Download all
857.7 kB Preview Download

Additional details

Related works

Is derived from
Preprint: 10.2139/ssrn.4477388 (DOI)
Is supplement to
Other: 10.1016/j.clsr.2023.105926 (DOI)


Dutch Research Agenda 2018: Cyber security – towards a secure and reliable digital domain NWA.1215.18.008
Dutch Research Council




  • Bawazir, Mohammed Abdullah, Murni Mahmud, Nurul Nuha Abdul Molok, and Jamaludin Ibrahim. 2016. 'Persuasive Technology for Improving Information Security Awareness and Behavior: Literature Review'. In 2016 6th International Conference on Information and Communication Technology for The Muslim World (ICT4M), 228–33. Jakarta, Indonesia: IEEE.
  • Berg, Bibi van den, Pauline Hutten, and Ruth Prins. 2021. 'Security and Safety: An Integrative Perspective'. In International Security Management: New Solutions to Complexity, edited by Gabriele Jacobs, Iliona Suojanen, Kate E. Horton, and Petra Saskia Bayerl, 13–27. Advanced Sciences and Technologies for Security Applications. Cham, Switzerland: Springer.
  • CNIL. 2019. 'Commission Nationale de L'Informatique et Des Libertés. Protéger Les Données Personnelles, Accompagner l'innovation, Préserver Les Libertés Individuelles'. Rapport d'activité. Paris: Commission Nationale de l'Informatique et des Libertés.
  • Del-Real, Cristina, Els De Busser, and Bibi van den Berg. 2023. 'Shielding Software Systems: A Comparison of Security by Design and Privacy by Design Based on a Systematic Literature Review'. The Hague: SSRN.
  • Diaz, Adriana. 2022. 'Disturbing Reports of Sexual Assaults in the Metaverse: "It's a Free Show"'. New York Post, 27 May 2022.
  • Dunn Cavelty, Myriam, and Andreas Wenger. 2020. 'Cyber Security Meets Security Politics: Complex Technology, Fragmented Politics, and Networked Science'. Contemporary Security Policy 41 (1): 5–32.
  • Moneva, Asier, and Stefano Caneppele. 2020. '100% Sure Bets? Exploring the Precipitation-Control Strategies of Fixed-Match Informing Websites and the Environmental Features of Their Networks'. Crime, Law and Social Change 74 (1): 115–33.
  • Papakonstantinou, Vagelis. 2022. 'Cybersecurity as Praxis and as a State: The EU Law Path towards Acknowledgement of a New Right to Cybersecurity?' Computer Law & Security Review 44 (April): 105653.
  • Shapiro, Scott J. 2023. Fancy Bear Goes Fishing: The Dark History of Information Age, in Five Extraordinary Hacks. New York: Farrar, Straus and Giroux.
  • Steen, Dr Tommy van, and Els De Busser. 2021. 'Security by Behavioural Design: A Rapid Review'. Final report for NCSC-NL. Institute of Security and Global Affairs, Leiden University.