Quiz Entry - updated: 2026.07.14
Why does moving from design to implementation increase security risk?
Implementation expands a small abstract design into thousands of concrete lines — each one a chance for buffer overflows, injection, or logic bugs that abstractions can't have.
| Aspect | Design Phase | Implementation Phase |
|---|---|---|
| Level | High-level, conceptual | Actual code, all details specified |
| Attack surface | Smaller (fewer specifics) | Every line is a potential vulnerability |
| Bug types | Architecture flaws | Buffer overflows, injection, logic errors |
Why risk increases:
- Larger attack surface — Design says "validate input"; implementation has 50 validation functions, each potentially flawed
- Abstraction leaks — Design assumes secure communication; implementation uses a library with known CVEs
- Detail-level bugs — Only code can have buffer overflows, race conditions, etc.
- Threat evolution — New attack techniques discovered between design and deployment
Implication: Even perfect design requires careful implementation. Security review must happen at both levels.