Writing Secure Code
- Do understand your users' security needs, and provide the appropriate information to help them get their jobs done.
- Do default to a secure configuration whenever possible.
- Do provide a simple, easy-to-understand message, and allow for progressive disclosure if needed by more sophisticated users or admins.
- Do make security prompts actionable.
- Do not dump geek-speak in a big-honking dialog box. No user will read it.
- Do not make it easy for users to shoot themselves in the foot: hide options that can be dangerous!
- Consider providing ways to relax security policy selectively, but be explicit and clear about what the user is choosing to allow.