The OWASP Secure-by-Design (SbD) Framework provides structured, design-time guidance for embedding security into architecture before code is written. It bridges high-level security requirements and implementation-time verification (ASVS), and includes a condensed review checklist plus a living catalog of reference architectures and reusable patterns. See the OWASP page for more information.
This is the initial draft release – version v0.5.0 (Draft) – August 2025. The framework is evolving; contributions are welcome!
See the website and its relevant tabs for:
- SbD Process
- SbD Principles & Recommendations
- SbD Review Checklist
- Catalog
Download PDF: OWASP-Secure-by-Design-Framework-v0.5.pdf
Read CONTRIBUTING.md for the full contribution process.
For a detailed history of updates, improvements, and milestones, please see CHANGELOG.md.