May 5, 2015
While software security is an increasing concern for software and system architects, few architects approach this quality concern strategically. Architects and developers primarily focus on functionality, and security is often applied as a band-aid solution after an application has been developed. In the second talk we report on three case studies of real-world projects—two industrial and one open-source—where we attempted to measure the consequences of various architectural approaches to security. The results of our case studies indicate that a strategic, system-wide, architectural approach to security, implemented as a security framework, results in the best outcome from both security and maintenance cost perspectives.