You don't bolt security on at the end.
You assume your way into it from the start.
Assume the input is hostile.
Assume the network is listening.
Assume the user will click the wrong thing.
Security isn't a feature you ship.
It's a set of expectations you never lower.
The breach rarely comes from the attack you imagined.
It comes from the assumption you never made.
– Serguey Asael Shinder