Quiz Entry - updated: 2026.07.05
Why is it cheaper and more effective to address security during design rather than after implementation?
Because a security flaw caught in design costs ~10-100x less than the same flaw found in production, where it may force rewrites of schemas, APIs, and clients.
Why:
- Architectural flaws require rewrites — Adding encryption later means changing DB schemas, APIs, and client code
- Vulnerabilities compound — One missing auth check in design becomes hundreds of unprotected endpoints in code
- Testing is easier — Security requirements defined upfront can be tested automatically
- Trust from the start — Auditors trust systems designed with security, not patched after breaches
Example: A design decision to use parameterized queries takes minutes. Retrofitting SQL injection protection across hundreds of raw queries takes weeks.