LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How does the cost of fixing a security bug change depending on when it's discovered in the software development lifecycle?

The later you find it, the more it costs — roughly exponential, from x1 in requirements to hundreds of times more in operations.

The cost climbs because a late-discovered flaw has already been built into design decisions, code, tests, documentation and live data — all of which must be unwound and re-verified:

Phase Cost Multiplier
Requirements x1 (reference)
Design x3 to x8
Build x7 to x16
Test x21 to x78
Operations x29 to x1615 (mean x250)

Key takeaway: Fix security issues early - it's much cheaper to address them during requirements than in production.

From Quiz: SPRG / Security Requirements Fundamentals | Updated: Jul 14, 2026