Recurring Security Engineering Anti-Patterns I Witness

I pretty often witness the following anti-patterns in security engineering:

  1. The initial architecture document is created and seems to have everything needed to address application security, but in the end none of it is implemented.
  2. Security engineering is abused and becomes the cornerstone of the project, distracting from actually developing the application.

The first case would be solved by applying security engineering throughout the dev lifecycle. The second would be solved by taking a look at the following post: What you are optimizing

Enjoy