A software development team is building a new module for processing sensitive user data. During a design review, the security architect notes that the proposed architecture uses multiple, overlapping third-party libraries for data validation and encryption. The team argues this provides defense-in-depth, but the architect is concerned about the complexity. Which recommendation BEST aligns the design with the principle of economy of mechanism?
Isolate each of the overlapping libraries in its own containerized environment.
Ensure all library licenses are vetted and approved by the legal department.
Refactor the design to use a single, well-vetted library for each core security function.
Add an additional layer of custom encryption on top of the existing libraries.
The correct answer is to refactor the design to use a single, well-vetted library for each core security function. The principle of economy of mechanism states that security designs should be kept as simple and small as possible. Using multiple, overlapping libraries for the same function increases complexity, making the system harder to analyze, test, and secure. This complexity can introduce unforeseen vulnerabilities and increases maintenance overhead. Consolidating to a single, trusted library for a specific function simplifies the design, aligning with this principle.
Adding an additional layer of custom encryption increases complexity, directly contradicting the principle of economy of mechanism.
Isolating libraries in containers is a valid security strategy (related to separation or isolation), but it does not address the underlying complexity of having redundant components, which is the core concern of economy of mechanism.
Vetting software licenses is a critical aspect of software supply chain security and legal compliance, but it is not directly related to the technical design principle of economy of mechanism.
ISC2 CISSP
Software Development Security