Deny by default
Assume code will fail and let the code structure fall through to deny: every path that is not an explicit, successful allow ends in deny
TLS by default
Assume the network is untrusted; pay the price and encrypt by default, even in test environments (as in Google's BeyondCorp)
Dogfood
Use the same exposed endpoints and access model internally that external clients use (bootstrap the system with itself), so the external surface is exercised and hardened by the system's own traffic
Absence of information means deny
If a permission is not in the graph, the answer is deny; a missing node, missing edge or failed lookup must never be read as allow
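Added example (not part of the original notes) tying "Deny by default" and "Absence of information means deny" together: a small relationship-graph authorizer whose code structure falls through to deny, beside the anti-pattern that falls through to allow. The graph, relation names and function names (ACCESS_GRAPH, RELATION_PERMS, is_allowed, is_allowed_fragile) are constructed for illustration.

```python
"""Deny-by-default authorization over a relationship graph.

Added example; the graph contents and all names are hypothetical.
"""
from typing import Dict, Set, Tuple

# Constructed sample access graph: (subject, relation, object) edges.
ACCESS_GRAPH: Set[Tuple[str, str, str]] = {
    ("alice", "owner", "doc:1"),
    ("bob", "viewer", "doc:1"),
    ("group:eng", "editor", "doc:2"),
    ("carol", "member", "group:eng"),
}

# Permissions implied by each relation. A relation missing here implies
# nothing, so an unknown edge type never grants access.
RELATION_PERMS: Dict[str, Set[str]] = {
    "owner": {"read", "write", "share"},
    "editor": {"read", "write"},
    "viewer": {"read"},
}


def is_allowed(subject, action, obj, graph=ACCESS_GRAPH, max_depth=3) -> bool:
    """Return True only if the graph explicitly grants `action` on `obj`.

    Any exception while evaluating policy (bad input, missing graph, ...)
    is treated as deny: the code failing must not fall through to allow.
    In production you would also log the failure before denying.
    """
    try:
        return _granted(subject, action, obj, graph, max_depth)
    except Exception:
        return False


def _granted(subject, action, obj, graph, depth) -> bool:
    if depth < 0:
        # Membership chain too deep: we cannot prove access, so deny.
        return False
    # Direct edge: subject -> relation -> obj, and the relation implies action.
    for s, rel, o in graph:
        if s == subject and o == obj and action in RELATION_PERMS.get(rel, set()):
            return True
    # Indirect: subject is a member of a group that is granted access.
    for s, rel, o in graph:
        if s == subject and rel == "member" and _granted(o, action, obj, graph, depth - 1):
            return True
    # Fall-through: nothing in the graph granted it, so deny.
    return False


def is_allowed_fragile(subject, action, obj, graph=ACCESS_GRAPH) -> bool:
    """Anti-pattern for contrast: denies only on an explicit "denied" edge,
    so any subject or object absent from the graph falls through to allow."""
    for s, rel, o in graph:
        if s == subject and o == obj and rel == "denied":
            return False
    return True


if __name__ == "__main__":
    print(is_allowed("alice", "write", "doc:1"))    # True: owner
    print(is_allowed("carol", "write", "doc:2"))    # True: via group:eng
    print(is_allowed("dave", "read", "doc:1"))      # False: not in graph
    print(is_allowed_fragile("dave", "read", "doc:1"))  # True: the bug
```

The safe version has exactly one way to return True (an explicit grant found in the graph) and several ways to return False; the fragile version inverts that, so every gap in the data becomes an allow.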