As cyber threats increase in scale and impact, building security into software from the start has become more than best practice—it’s a national security imperative. RunSafe Security is a signee of the CISA Secure by Design pledge, Here’s what we’ve learned by living the principles we advocate.
If you’ve worked in cybersecurity for even a short time, you’ve heard the term Secure by Design. It shows up in marketing decks, compliance checklists, and industry frameworks. But beneath the jargon is something real and increasingly urgent.
In our recent episode of Exploited: The Cyber Truth, RunSafe Security Founder and CEO Joe Saunders joined host Paul Ducklin to unpack what Secure by Design really means, how it aligns with national cybersecurity priorities, and what it looks like in practice.
Secure by Design and National Security
The security conversation has expanded well beyond protecting individual businesses. Today, it’s about safeguarding critical infrastructure—power grids, healthcare networks, weapons systems, and the embedded systems that keep them running.
As Joe Saunders put it:
“We want fewer bugs and a higher code quality rate because bugs and vulnerabilities lead to compromise out in the field, especially when critical infrastructure is at stake. So it’s a national security issue.”
Even companies with world-class development processes—Microsoft, Google, Lockheed Martin—still ship code with vulnerabilities. The reality is: humans write software, and mistakes happen. What matters is how we systematically reduce vulnerabilities and protect software in the field.
Why “Move Fast and Break Things” Doesn’t Cut It
In sectors like finance or consumer tech, rapid iteration might work. But for embedded systems, industrial control systems, and other long-lived infrastructure, failure is not an option.
“You can imagine that an industrial control system… might last inside the infrastructure with the software on them for thirty years, whereas a web-based application might get updated five times a day.”
This is why Secure by Design isn’t just a dev team mantra but a requirement for embedded systems security. The strategy must reflect the realities of your environment, including long product lifecycles and limited patching windows.
Why We Signed the CISA Secure by Design Pledge
RunSafe Security was an early adopter of the CISA Secure by Design pledge, joining 300+ companies committed to building better software. But we also raised important questions about feasibility.
For example, initial guidance strongly favored rewriting legacy code in memory-safe languages like Rust. However, there are 800 billion lines of code deployed across critical infrastructure. Full rewrites are not realistic. As Joe noted:
“You can’t tell me it makes any economic sense to rewrite all that software in a memory safe language at the get-go. And so it’s impossible.”
Fortunately, the original NSA guidance offers a key nuance: “rewrite or implement other forms of mitigation.”
That “or” matters.
Our Rust Migration: What We Learned
At RunSafe, we put the theory to the test. We converted 30,000 lines of C++ to Rust to reduce memory safety issues. We believe that security software, which RunSafe provides, should be held to a higher level of scrutiny and not be the source that introduces vulnerabilities into an environment.
What Worked:
- Smaller compiled binaries
- Performance gains over C++
- More structured, maintainable code
The Tradeoffs:
- Took 3+ months—not plug-and-play
- Compatibility challenges
- Rust isn’t yet certified for safety-critical applications
“There were some compatibility issues… so not all of our software was even in scope and could be rewritten in Rust.”
The lesson? Memory safety is critical, but your implementation needs to be strategic. Focus your efforts on rewriting code where the risk is greatest and alternative mitigations don’t exist.
Hardening Legacy Systems Without Rewriting
Many of our customers rely on legacy systems that aren’t easily updated. So how do you advance Secure by Design without starting from scratch?
This is where RunSafe’s Protect solution comes in. We provide runtime exploit prevention through our patented memory randomization technology to protect software without requiring source code changes or costly rewrites.
Load-time Function Randomization (LFR) is a more granular form of runtime application self-protection (RASP) specifically designed to counter memory-based exploits, which are a persistent threat in modern software systems. By dynamically altering the memory layout of an application during its load time, LFR disrupts attackers and provides much needed protection for critical infrastructure without requiring any rewrites of code..
“There are 800,000,000,000 lines of software code in critical infrastructure. You can’t rewrite all of it—but you can harden it.”
What Secure by Design Actually Looks Like
Secure by Design is more than a philosophy—it’s a set of practices we follow ourselves and help our customers adopt:
- Implementing runtime protections for existing systems
- Integrating memory safety measures across dev cycles
- Supporting SBOMs and vulnerability disclosure
- Automating software hardening during CI/CD
Transparency is a core part of this. A robust vulnerability disclosure program builds trust and speeds up response times.
“If you can get your practices in place where you’re confident to disclose, then everybody wins.”
The Log4j Lesson: Why SBOMs Matter
When Log4j hit, many organizations didn’t even know if they were affected. They couldn’t track what components were in their own software.
“People didn’t know if they had the Log4j component in the software they received… so guess what? A gazillion phone calls going back and forth.”
That’s why SBOMs matter. Like nutrition labels for software, SBOMs let you identify vulnerabilities faster—and act on them with confidence. (Explore our SBOM generation tool).
Secure by Demand: The Buyer’s Role
CISA’s Secure by Demand guidance focuses on procurement. Buyers play a key role in raising the bar for suppliers by asking the right questions:
- What’s your software development process?
- Do you support SBOMs?
- How do you handle vulnerability disclosures?
- Are updates and patches built into the delivery model?
RunSafe supports all of these through our secure software development lifecycle. Contact our team to learn more.
Security Is a Shared Responsibility—and Advantage
Here’s the paradox: Cybersecurity isn’t a zero-sum game. When companies improve baseline security together, the entire ecosystem becomes more resilient—and harder for adversaries to exploit.
“It’s not enough to just add more people to your security team. You need better processes, not just more effort.”
That’s what we believe at RunSafe. Security isn’t about heroics—it’s about repeatable, scalable engineering.
Final Thoughts
Secure by Design isn’t a checkbox or a marketing tagline. It’s a commitment to building resilient systems, reducing vulnerabilities at their source, and strengthening software supply chains across sectors.
At RunSafe Security, we’ve seen the benefits firsthand: stronger code, reduced attack surfaces, and more secure operations for the embedded systems and critical infrastructure our platform protects.
The question isn’t can you afford to invest in Secure by Design?
It’s can you afford not to?
