LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

Why should security be considered from the beginning of software development?

Because fixing a flaw gets dramatically more expensive the later you find it — "the earlier, the cheaper."

Several factors compound to make late security fixes extremely expensive:

  1. Cost escalation: A flaw caught in the requirements phase is cheap to fix; the same flaw found in production can cost orders of magnitude more (commonly cited figures reach ~100x or higher) because it may require redesign, re-coding, and re-testing.

  2. 80/20 maintenance rule: ~80% of a system's lifetime cost is maintenance, and security patches land in that expensive 80%.

  3. Perimeter limitations: Firewalls filter access but can't fix software bugs — the flaw still has to be fixed in the code.

  4. Most vulnerabilities are introduced early: A missing security requirement or a weak design choice propagates into hundreds of lines of insecure code, so addressing it up front prevents the whole cascade.

  5. Zero Trust reality: Modern systems (cloud, remote work, BYOD) can't rely on a network boundary for protection, so each component must be secure on its own.

Principle: Security by design beats security by patching.

See: OWASP Proactive Controls — top 10 things developers should do from the start

From Quiz: SPRG / Security Fundamentals | Updated: Jun 20, 2026