No offense taken, your question is absolutely legit. As we used to joke in the security world, "putting on my black hat" / "putting on my white hat" - i.e. the same set of questions I would be asking for hacking and for protecting the product. So, I commend you for being careful here.
Now, in this particular case I'm acting with my "white hat on". :) I'm hired by VMware to help them improve the security posture of their new products (vRealize package). I do that as part of the security team on the VMware side, and working in conjunction with DISA (http://iase.disa.mil/stigs/Pages/a-z.aspx) we are creating STIGs (I explained this term in detail in this same thread above, in my response to Jon, so I won't repeat myself here) for all the components the vRealize suite of products has, including Cassandra, which is used in one of the products. These STIGs would be handed over to DISA, reviewed by their SMEs and published on their website, creating a great opportunity for all the products covered to improve their security posture and advance on the market for free.
For VMware's purposes, we would harden our suite of products based on the STIGs, and create our own overall Security Guideline riding on top of the STIGs.
As I mentioned above, for both Cassandra and DSE equally, this document would be very beneficial, since it would enable customers and help them to run hardening on the product and place it correctly on the system, surrounded by the correct set of compensating controls.