Secure development is an ever-evolving field that has advanced quickly in recent years with initiatives like Secure Development Lifecycle (SDLC), Development Security Operations (DevSecOps), and Model-Based Security Engineering (MBSE). Despite the persistence of the security and design communities to include security in the design process, significant security breaches continue to occur. Our work reviews existing literature to determine the current state of the research at the intersection of these design and cybersecurity fields and ultimately proposes an integrative and systematic approach for developers to generate design principles that incorporate traceable security. This approach integrates security regulations and design principles and activities, encouraging compliance and security considerations at the earliest stages of the design thinking process.
