Why are design flaws such a big issue in the study of vulnerability?

Design flaws are a significant issue in the study of vulnerability because they represent fundamental weaknesses introduced during the initial planning and architectural stages of a system. Unlike implementation bugs, which can often be patched, design flaws are inherent to the system's structure and can lead to widespread vulnerabilities that are difficult and costly to fix once the system is deployed.

For instance, if a system is designed without proper access control mechanisms, or if its communication protocols are inherently insecure, these foundational oversights can expose the entire system to various attacks. Remedying such flaws typically requires extensive re-architecting, which is much more expensive and disruptive than fixing coding errors. Joseph Migga Kizza's "Guide to Computer Network Security" discusses how vulnerabilities can stem from various sources, including poor design. Similarly, Pipkin emphasizes the importance of security at the foundational level, noting that neglecting security in the initial design phases can lead to systemic weaknesses. (Pipkin D (2000) Information security: protecting the global enterprise. Prentice Hall PTR, Upper Saddle River)