Defensive code is instructions added to software for the purpose of hardening it against uncontrolled failures and security problems. It is often assumed that defensive code causes a significant reduction in software performance, which justifies its omission from all but the most security-critical applications. We performed an experiment to measure the application- level performance impact of seven defensive code options on two different workloads in four different environments. Of the seven options, only one yielded clear evidence of a significant reduction in performance; the main effects of the other six were either materially or statistically insignificant.
Defensive code's impact on software performance, Technical Note (NIST TN), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.TN.1860
(Accessed September 26, 2023)