Security evaluation by arrogance: saving time and money

2017 
Software startups can be subject to extreme money and time constraints while hoping to deliver reliable software. In a harsh startup environment, software quality may degrade through either improper process management or incapable human resources. Among the many quality characteristics, security is a fragile one, responsible for severe negative consequences such as jeopardizing a startup's brand among early adopters. Addressing security evaluation, we report our experience in developing a startup's internal software engineering process that includes a continuous security evaluation cycle at the heart of the process and leverages arrogance in software engineering, that is, the tendency to break other team members' code. The valuable outcome was that enforcing security evaluation, as a concrete process activity, came at no cost. That is, we reutilized our resources by changing the flow of the engineering process while capitalizing on arrogance as a motivating stimulus, yielding a cost-effective vulnerability assessment for each software release. We describe our process, provide the case for the benefit of arrogant engineers, and conclude with a report of incidents in which arrogance came to our rescue.