LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Why does moving from design to implementation increase security risk?

Implementation expands a small abstract design into thousands of concrete lines — each one a chance for buffer overflows, injection, or logic bugs that abstractions can't have.

Aspect Design Phase Implementation Phase
Level High-level, conceptual Actual code, all details specified
Attack surface Smaller (fewer specifics) Every line is a potential vulnerability
Bug types Architecture flaws Buffer overflows, injection, logic errors

Why risk increases:

  1. Larger attack surface — Design says "validate input"; implementation has 50 validation functions, each potentially flawed
  2. Abstraction leaks — Design assumes secure communication; implementation uses a library with known CVEs
  3. Detail-level bugs — Only code can have buffer overflows, race conditions, etc.
  4. Threat evolution — New attack techniques discovered between design and deployment

Implication: Even perfect design requires careful implementation. Security review must happen at both levels.

From Quiz: SPRG / Secure Programming Introduction | Updated: Jul 14, 2026