Ask HN: How do you balance security with fast development?

Plan ahead for security, be sure you have a plan for authorization and authentication. (Often this is something people think about last because they aren’t really interested in it, don’t be that guy.) Use memory safe languages. Doing things right is not necessarily the enemy of getting them done quickly because boy you can waste time when you don’t know what they are doing.

Make sure that safe defaults exist, don’t expect people to reinvent wheels safely, and try to use collaborative and well-informed validation of choices rather than stage gates with all the normal queuing problems, automate security checks into local build phase if you have it, make sure that nonsense CI based security checks can be overridden by sane people, and keep track of tech debt and try to work it down consistently.