Sharp Edges Analysis

Evaluates whether APIs, configurations, and interfaces are resistant to developer misuse. Identifies designs where the "easy path" leads to insecurity.

When to Use

• Reviewing API or library design decisions
• Auditing configuration schemas for dangerous options
• Evaluating cryptographic API ergonomics
• Assessing authentication/authorization interfaces
• Reviewing any code that exposes security-relevant choices to developers

When NOT to Use

• Implementation bugs (use standard code review)
• Business logic flaws (use domain-specific analysis)
• Performance optimization (different concern)

Core Principle