Different contexts require different levels of rigour. Not everything needs the same security mindset — but you always need to know which context you’re in.
- Personal project — experiment freely, try new tools, move fast. This is where you learn
- Proof of concept — be aware it might become production code. Many PoCs do. Treat it accordingly
- Professional / production code — supply chain attacks, data breaches, and embarrassing results affect your company and your clients. This is where standards are non-negotiable
Adjust your rigour to the context. But never confuse one context for another.