The Risk Associated with "Building Your Own"

Developers don't always find the security they need for an application within the security toolset provided by a platform or built into a framework. As a result, "building your own security" is not uncommon among development projects. This is especially true if the application is a replacement for an existing system that uses a non-standard security infrastructure. An example of this would be database-table-based authentication and authorization combined with user provisioning and resource granting at runtime.

The risk associated with building your own security is that you are also on your own when it comes to quality assurance of the security layer, application security propagation, and single sign-on. You are also responsible for bug fixing and maintaining the security layer.

Not all developers are security experts, but it takes experts to build a custom security layer.

Time spent investigating existing and well-vetted security solutions is probably time well spent. It is easier and more cost-effective to apply existing solutions to custom applications than to create an error-prone, self-written mechanism.