https://vo.rs/tags/devsecops/Devsecops - Tag - vo.rsHugo -- gohugo.ioenThis work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.Mon, 07 Apr 2025 08:30:00 +0000https://vo.rs/story/cybersecurity-by-design-embedding-zero-trust-into-your-product-roadmap/<p>The most expensive security review I ever sat through happened the week before launch. A pen-tester found that any authenticated user could read any other user&rsquo;s records by changing one integer in a URL — the classic IDOR — and the fix touched forty endpoints because authorisation had been assumed, never checked. We shipped two weeks late and bolted on a permission layer that should have been a load-bearing wall from day one. That is the lesson behind &ldquo;zero-trust by design&rdquo;: the cheap moment to decide that nothing is trusted by default is <em>before</em> you&rsquo;ve written the code that trusts everything.</p>Mon, 07 Apr 2025 08:30:00 +0000