methodology

Security As A Bolt On

Security As A Bolt On is a software development anti-pattern where security measures are added to a system as an afterthought or late in the development lifecycle, rather than being integrated from the start. This approach often involves tacking on security features like authentication, encryption, or input validation after core functionality is already built, leading to vulnerabilities, higher costs, and inefficiencies. It contrasts with proactive security practices like DevSecOps or security-by-design.

Also known as: Bolt-on Security, Security Bolt-on, Security as an Afterthought, Tacked-on Security, Late-stage Security

Why learn Security As A Bolt On?

Developers should learn to recognize this anti-pattern so they can avoid it in practice: it can result in insecure software, increased technical debt, and costly fixes after deployment. It is particularly relevant where rapid development or legacy systems lead to security being neglected, such as in startups or when maintaining older codebases. Recognizing it helps teams shift toward more secure methodologies, such as integrating security early in the software development lifecycle (SDLC).
