
One reason is probably because retrofitting security is a freaking nightmare.

In my opinion, security (as well as Quality, and things like error handling, accessibility, and localization) is something that needs to be planned and implemented, from Day One.

Do a better job from the start, and the cost will drop like a stone.



Nobody implements security from day 1 because it's not some one-time cost. It is an ongoing, continuous cost you pay for the system to exist.

People build walled garden security models because security imposes a pretty large operational cost on everything else.


I’ve found that there are quite a few things that you can do, from the start, that make implementing security measures later a lot easier.

Think of it as a “pegboard.” It has a bunch of holes to hook things onto. You make sure to brace it well, and use good masonite. That way, you may not know exactly what you’re going to hang on it, but you have a good infrastructure for it.



