Why Not?
Here are a few excellent reasons why creating insecure software is a Very Bad Idea.
It’s Expensive
Company A is releasing a web application pilot. It is a fairly complex B2C app with payment framework integration, a scalable cloud deployment and multiple user profile centric features.
By examining team metrics, the Dev Lead quickly learns that it costs over 30x more to fix any single vulnerability in Production than in the Architecture phase.
It’s Risky
Company A wanted to cut some short-term costs and did not actively invest in fixing a number of critical security vulnerabilities.
A few months later they are approached by a security researcher who discovered that sensitive data flowing through the app was automatically decrypted when retrieved, allowing an SQL injection flaw to be used to browse credit card numbers in clear text.
Unfortunately, she wasn't the first to discover this, and litigation from angry customers follows a very public breach.

It Can Put You Out Of Business
Competitors aren't about to let such a fantastic opportunity pass by, and they double down on marketing, leveraging the unfortunate breach in their messaging.
Struggling to survive amid departing customers, departing employees, rising litigation costs, regulatory fines and increased audit scrutiny, Company A has no choice but to first downsize and then close its doors altogether.
So...why do you keep doing it?
Not a business? No problem! Join us at one of our events.
Upcoming Workshops
- Wed, Apr 22, Webinar: Join us social distancing style to learn A-Z about creating secure applications in a full-day, interactive, in-depth secure coding training workshop.
- Wed, Mar 25, Online Event: No time? No problem. Join us from anywhere in the world for a 2-hour interactive training session and get up to speed on secure coding. Content and topics are fresh every time.