Secure by Design means that a product's architecture is designed for and around security. Before any code is written, security-based design reviews are conducted to perform threat modeling, and as code is written, automation is used to look for defects and log bugs, and continuous code reviews are performed.
Threat modeling involves looking at each feature of an application and determining how that feature could be attacked in some way. Microsoft uses STRIDES to categorize threats faced by applications based on the goals and purposes of the attacks. STRIDES is an acronym that stands for:
Denial of service
Elevation of privilege
Exchange 2003, when coupled with ...