diff --git a/config/Config-build.in b/config/Config-build.in
index 69fb7089721af63780ef876a0970baef15c2e8a2..82ec0d6d0a780846e2819dc9b7a1a1a67455a485 100644
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -211,7 +211,7 @@ menu "Global build settings"
 	config PKG_CHECK_FORMAT_SECURITY
 		bool
 		prompt "Enable gcc format-security"
-		default n
+		default y
 		help
 		  Add -Wformat -Werror=format-security to the CFLAGS.  You can disable
 		  this per package by adding PKG_CHECK_FORMAT_SECURITY:=0 in the package