Secure Defaults And Hardening

Why the out-of-the-box setup matters, and how to ship locked down by default.

5 min read · advanced

The Risk

Software is most exposed when it ships open and waits for someone to lock it down. Default passwords, debug endpoints left on, verbose error pages, permissive permissions, and unused features all widen the attack surface. The danger is that a safe configuration depends on a human remembering to apply it, which often does not happen.

A system that is insecure until configured will sometimes never be configured.

The Defense

  • Default closed. Disable features, ports, and accounts until they are explicitly needed.
  • Require changing or randomizing initial credentials before first use.
  • Turn off debug modes and detailed errors in production, returning generic messages.
  • Apply least privilege to files, services, and database accounts.
  • Provide a hardening baseline and verify it automatically so drift is caught.
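The five points above, carried through as one added example (not code from the original lesson): a hypothetical service configuration whose every field defaults to the closed value, an audit that refuses to start on placeholder credentials, debug mode, detailed errors, or a superuser database role in production, a randomized first-boot credential, a generic error mapper, and a drift check against a hardening baseline. The field names, the placeholder and superuser lists, and the `opened()` helper are assumptions made for the example.

```python
"""Secure-by-default service configuration with a baseline drift check (added example)."""
from dataclasses import dataclass, asdict, replace
import secrets

# Constructed lists for the example: credentials and roles that must never reach production.
PLACEHOLDER_SECRETS = {"", "admin", "password", "changeme", "CHANGE_ME", "secret"}
SUPERUSER_ROLES = {"root", "postgres", "sa", "admin"}
MIN_PASSWORD_LEN = 16


@dataclass(frozen=True)
class ServiceConfig:
    """Every field defaults to the closed value; callers open things deliberately."""
    environment: str = "production"
    debug: bool = False
    detailed_errors: bool = False
    listen_address: str = "127.0.0.1"        # loopback only until exposure is explicit
    enabled_features: frozenset = frozenset()  # nothing on until asked for
    admin_password: str = ""                 # empty means "not yet set"; audit() rejects it
    db_role: str = "app_readonly"            # least-privilege database account


class InsecureConfig(ValueError):
    """Raised when a service would start in an accidentally open state."""


def generate_initial_password() -> str:
    """Randomized first-boot credential instead of a well-known default."""
    return secrets.token_urlsafe(24)


def opened(cfg: ServiceConfig, **changes) -> ServiceConfig:
    """Deliberately open a feature: returns a new config, the default stays closed."""
    return replace(cfg, **changes)


def audit(cfg: ServiceConfig) -> list[str]:
    """Return every way this configuration is open by accident; empty means it may start."""
    problems = []
    if cfg.admin_password in PLACEHOLDER_SECRETS or len(cfg.admin_password) < MIN_PASSWORD_LEN:
        problems.append("initial credential must be changed or randomized before first use")
    if cfg.environment == "production":
        if cfg.debug or cfg.detailed_errors:
            problems.append("debug mode and detailed errors must be off in production")
        if cfg.db_role in SUPERUSER_ROLES:
            problems.append("production must not run as a superuser database account")
    return problems


def start(cfg: ServiceConfig) -> ServiceConfig:
    """Gate at startup: an insecure configuration fails closed instead of running open."""
    found = audit(cfg)
    if found:
        raise InsecureConfig("; ".join(found))
    return cfg


def error_response(exc: Exception, cfg: ServiceConfig) -> dict:
    """Generic message unless detailed errors were explicitly turned on (never in production)."""
    if cfg.detailed_errors:
        return {"error": f"{type(exc).__name__}: {exc}"}
    return {"error": "internal error"}


def drift(baseline: ServiceConfig, running: ServiceConfig) -> dict:
    """Report every field where the running config differs from the hardening baseline."""
    base, run = asdict(baseline), asdict(running)
    return {k: (base[k], run[k]) for k in base if base[k] != run[k]}


if __name__ == "__main__":
    baseline = start(ServiceConfig(admin_password=generate_initial_password()))
    # Someone "temporarily" flips debug on and borrows the root DB account.
    running = opened(baseline, debug=True, detailed_errors=True, db_role="root")
    print("audit:", audit(running))
    print("drift:", drift(baseline, running))
    print("prod error body:", error_response(ValueError("boom"), baseline))
```

The point of the shape is that `ServiceConfig()` with no arguments is already the hardened configuration; anything weaker has to be spelled out through `opened()`, which makes the exception visible in code review, and `audit()` run in CI or at boot catches the drift that a human forgot to undo.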

Key idea

Ship with the safe configuration as the default and open features deliberately, so security does not depend on someone remembering to lock things down.

Check yourself


1. What is the core idea of secure defaults?

2. Why disable detailed errors in production?