A poor understanding of security requirements is a common cause of insecure design. The design team needs to have security requirements established, and be able to understand how to follow them.
Insecure Design happens when security is not sufficiently considered or prioritized during the design process. Either the designers didn’t know there were security issues, or they overlooked them for some reason.
Insecure Design is dangerous because it fundamentally weakens the security of a piece of software, or software system.
Insecure Design refers to structural security flaws in software, or software systems. Put another way, the design makes it impossible for the software to be fully secure.