The Asbestos home builder: The project behind the analogy – non-tech readers

Bridging the Analogy to Reality

Tom’s story might seem like just a cautionary tale for construction, but the lessons extend far beyond bricks and mortar. In software development, I’ve seen firsthand how these same shortcuts manifest—with consequences that are just as alarming. Let me share an example from a project I reviewed to illustrate this point.

The Initial Review: Problems Uncovered

When I first examined this project, I didn’t expect a déjà vu moment—but that’s exactly what I got. This was the same project where I previously uncovered glaring authentication issues, without having access to the source code. It felt eerily familiar, as if I’d walked onto a construction site where a foundation had been laid incorrectly, but no one noticed until cracks started showing.

I had previously identified some troubling signs without seeing the inner workings of the system—like spotting gaps in a building’s insulation just by feeling the draft. Now, stepping inside the codebase, those concerns were fully exposed, revealing systemic flaws rather than minor issues.

In just 45 minutes of reviewing the structure, the problems became undeniable. This wasn’t just a case of bad luck—this was poor craftsmanship at every level. And like a rushed construction job, these issues weren’t random mistakes; they were repeated patterns of negligence.

To make sense of it all, I grouped the problems into three major categories:

  1. Legal Risks – Copyright violations and leaked customer data.
  2. Security Gaps – Weak protections allowing unauthorized access.
  3. Quality Concerns – Shoddy workmanship affecting reliability and maintenance.

Legal Risks: The Hidden Traps

Imagine if a home builder copied plans from a competitor without permission—that’s exactly what happened here. Key parts of the software were lifted directly from online sources, without proper licensing, exposing the company to serious legal consequences.

One particularly troubling discovery? The system contained confidential client data from previous projects—imagine if a lawyer kept private contracts from past clients and mistakenly shared them with new ones, exposing sensitive business details that should never have been retained.

The Business Impact:
🚨 Legal Liability: If discovered, the company could face lawsuits and penalties for intellectual property violations.
🚨 Reputation Damage: Clients and partners may lose trust, seeing the company as negligent or irresponsible.
🚨 Operational Risk: Poor data management violates compliance standards, potentially leading to fines or regulatory scrutiny.

Just as a builder who ignores contractual agreements invites legal disputes and reputational harm, software companies that fail to follow licensing rules risk significant financial consequences. Beyond legal disputes, failing to manage intellectual property properly can lead to reputational damage and significant financial penalties—just like an unauthorised building project that violates city by-laws.

Security Gaps: Unlocked Doors & Open Windows

Security issues in software are like bad locks on a house—anyone who jiggles the handle could break in. This system had hardcoded master keys—meaning a well-known password was built directly into the software, allowing anyone with knowledge of it to gain complete control.

It also lacked basic safety measures, like validating what users entered. Imagine an apartment complex with no screening at the front door—allowing anyone to enter, carry in whatever they wanted, and even leave the doors wide open for intruders. That could mean intruders can now walk up to filing cabinets containing financial records, alter transaction data, or even carry out fraudulent activities, all without the business realising until it’s too late.

Quality Concerns: Unfinished & Unreliable

A poorly built house is frustrating—it has doors that don’t close properly, light switches that don’t work, and plumbing that leaks. In the same way, this software lacked documentation, testing, and structured organisation, making future maintenance nearly impossible.

Imagine if your business relied on a bespoke system for calculating commission, but every single time a minor software update was made, your team had to manually check and verify that the calculations were still correct. Over time, this becomes a repetitive, costly, and error-prone process, draining valuable time and resources that could be better spent elsewhere.

Making matters worse, key components were altered by hand instead of using proper tools—like if a builder carved wood studs manually instead of using standardised parts. This meant future updates could break the entire system, just like adding a second floor onto an unstable home.

Without proper quality controls, every change becomes a gamble, forcing businesses to constantly verify functionality, leading to inefficiency, frustration, and unnecessary risk. Every error discovered using these manual processes creates inefficiencies that slow teams down and increase operational costs. Over time, this makes critical systems unreliable—just like a structure built with unstable materials.

The Bottom Line for Non-Technical Stakeholders

Cutting corners in software development is just as dangerous as in construction. While the problems might not be visible to the naked eye, they accumulate over time, leading to:
🚨 Legal liability from stolen intellectual property.
🚨 Security breaches exposing critical business data.
🚨 Ongoing maintenance headaches due to fragile foundations.

Fixing these problems later is exponentially more costly—just like removing asbestos, reinforcing weak walls, or replacing water-damaged flooring long after the job is done.

Technical Pitfalls: The Cracks Beneath the Surface

When renovating a house, the biggest problems often aren’t the ones you can see—they’re the hidden issues beneath the surface. Poorly installed plumbing, unsafe wiring, or unstable foundations might not cause immediate trouble, but over time, they lead to disaster.

The same thing happens with software development. If critical safeguards—like authentication security, tracking user actions, and validating data—aren’t properly implemented, the system becomes unpredictable, vulnerable, and costly to fix.

Here’s how those unseen cracks appeared in this project.

1. Authentication [1]: The Front Door Left Wide Open

A secure authentication system should be unique to each organisation, ensuring that only authorised individuals can access sensitive data.

But in this case, instead of creating a secure and exclusive entry system, the company purchased a lock that is used across multiple unaffiliated buildings in the region—meaning that anyone with a key from another property could also access theirs.

Even worse, they didn’t change the default master key—so anyone who knew the commonly used code could walk straight in without restrictions. This isn’t just an oversight—it’s a fundamental failure in access control, leaving the system vulnerable to anyone who understands its weak points.

The Business Risk:

  • If a hacker exploited this flaw, it could jeopardise the entire system, exposing financial records, customer information, and proprietary data.
  • Unauthorised users could gain access to sensitive business data, leading to security breaches.
  • Failing to secure authentication properly puts the organisation at risk of external attacks.

2. Lack of Logging [2]: No Way to Track Suspicious Activity

In a well-secured office building, every entry and exit is tracked or recorded on camera—so if someone sneaks in after hours, security teams can review logs to investigate. In this system, however, no tracking was implemented at all—meaning that if someone hacked into it, there would be no evidence of what happened.

The Business Risk:

  • Any legal investigation would lack proper documentation, making it hard to defend against claims.
  • If a breach occurred, there would be no way to know what was stolen or who was responsible.
  • Fraudulent transactions or unauthorised changes could go completely unnoticed.

3. Input Validation [3]: Letting Anything Through

Imagine a facility that stores volatile materials but doesn’t enforce proper safety measures. Over time, fuel, accelerants, and oxidisers end up sitting right next to faulty equipment—a potential ignition source just waiting for a spark.

That’s exactly what happened in this software system—dangerous combinations of unchecked data inputs created hidden risks, where a single failure could trigger widespread damage.

For example:

  • Files of any format could be uploaded—including harmful or corrupt ones, posing an immediate threat.
  • Invalid or malformed data could be entered without restriction, leading to critical system failures.

Without proper validation, the system became an environment where small errors could escalate into major disasters.

The Business Risk:

  • A cybercriminal could inject malware, spreading through the system and disrupting operations.
  • Customers using the platform might experience unpredictable glitches, damaging trust in the business.
  • In regulatory audits, the lack of proper checks could violate compliance laws, leading to financial penalties or legal scrutiny.

Just like failing to enforce safe storage procedures in a hazardous environment, ignoring input validation creates unpredictable and costly risks that may not surface until it’s too late.

4. Inconsistent Code & No Testing [4]: A System Without a Clear Structure

A well-built home follows a detailed plan, ensuring that every stud, pipe, and wire is installed correctly. But this system? It was a mix of different construction methods, with parts patched together from various sources—sometimes wood, sometimes steel, and sometimes completely mismatched.

Some parts of the code were automatically generated, like a food slicer perfectly cutting vegetables into uniform pieces. But then, instead of trusting the slicer, someone manually took a knife to certain pieces, making additional cuts that weren’t precise. The result? Inconsistent slices, a loss of efficiency, and unpredictable results.

Even worse, the developers hadn’t tested anything properly—meaning every new change posed a high risk of breaking the system, just like trying to assemble a meal with unevenly chopped ingredients that don’t cook consistently.

The Business Risk:

  • Every future update could introduce new problems, increasing maintenance costs.
  • Developers would struggle to fix issues quickly, leading to longer downtimes.
  • Without proper testing, the system might fail at a critical moment, disrupting operations and damaging reliability.

If left unchecked, the fragility of the system would continue to compound, making maintenance more expensive and unpredictable—just like an unstable construction project that needs constant reinforcement.

The Bottom Line for Business Leaders

Neglecting quality and security in software development is no different from ignoring defects in a building—small issues may seem insignificant at first, but over time, they escalate into costly failures, putting the business at risk.

To avoid these pitfalls:

  • Ensure authentication systems are secure and unique, and that source code is properly licensed.
  • Implement logging to track security events and detect breaches early.
  • Validate all inputs to prevent faulty or malicious data from entering the system.
  • Maintain consistent, well-tested code to ensure long-term reliability and stability.

The cost of fixing these problems after failure is far higher than the investment required to build security and reliability from the start—whether in construction or software development.

Lessons Learned: Connecting the Analogy to Real-World Consequences

This project reinforced a critical lesson: whether you’re building a house or a software system, cutting corners may seem like an efficient solution in the short term, but it almost always leads to long-term problems.

Just as Tom the Builder prioritised speed and cost over quality and safety, this software project sacrificed best practices for quick delivery—resulting in a fragile foundation riddled with hidden risks.

The issues uncovered—unlicensed copy-paste code, hardcoded credentials, missing security logging, and lack of proper validation—are eerily similar to the mistakes made in the analogy from the first post in this series.

Think about it like this:

  • A rushed home renovation might leave behind asbestos, unsealed pipes, and poor insulation—all of which become expensive to fix down the line.
  • A rushed software development project introduces security vulnerabilities, unpredictable system failures, and legal risks—causing financial and reputational damage later.

The problems in this project weren’t just surface-level; they were deeply ingrained and systemic. That meant not just fixing one issue, but restructuring the entire system. A flawed foundation can’t be fixed with patchwork repairs; it often demands costly rebuilds. In business, that means expensive software overhauls, extended downtime, and loss of trust among customers and stakeholders.

Why This Matters for Business Leaders

Executives and decision-makers often focus on deadlines and budgets, but here are the considerations to balance against them:

🚨 Rushing software development leads to long-term business liabilities.
🚨 The cost of fixing these mistakes later is exponentially higher than investing in quality upfront.
🚨 Legal and security risks aren’t just IT problems—they impact brand reputation and financial stability.

Would you cut corners on a commercial building project that puts people’s safety at risk? Of course not. So why take similar risks with software, which protects customer data, business transactions, and financial assets?

Breaking the Cycle: How Businesses Can Avoid This Problem

If there’s one major takeaway from this project, it’s this: attention to detail and a commitment to quality aren’t optional—they’re essential.

To avoid making the same costly mistakes, businesses should:

  • Prioritise software security the same way they prioritise workplace safety.
  • Ensure compliance with intellectual property laws to prevent legal disputes and financial penalties.
  • Invest in quality assurance and testing to prevent unexpected failures.
  • Make strategic decisions based on long-term sustainability, not just short-term speed.

Just as Tom the Builder’s shortcuts led to disaster, software projects that ignore security, reliability, and compliance will eventually fail—often in the most damaging ways possible.

The next post in this series will focus on practical strategies to avoid these pitfalls and build software systems that last—the same way a well-constructed home withstands decades of use.

Part 1 – The Asbestos home builder: A tale of cutting corners
Part 2 – Technical – The project behind the analogy
Part 3 – Strategies for Improvement

Terms and Definitions

  1. Authentication is the process by which a system identifies who you are, in relation to the system. It may be coupled with an Authorisation system, which is responsible for permitting actions and access.
  2. Logging is simply the sequential notes of what a user or system is doing. It is usually sorted by time and helps answer: who did this, what did they do, when did they do it, and where did they do it from.
  3. Input Validation is checking that anything handed to the system conforms to defined specifications.
  4. Testing in software development covers several types, ranging from automated testing to manual testing. In most cases, automated testing is a bare minimum for critical sections of functionality, and documented testing for manual processes is highly regarded.