Enduring Ideas in the Realm of Software
How to address threats, attacks, vulnerabilities, and countermeasures.
Here is a draft of our Cloud Security Frame as part of our early exploration work for our patterns & practices Cloud Security Project. It’s a lens for looking at Cloud Security. The frame is simply a collection of Hot Spots. Each Hot Spot represents an actionable category for information. Using Hot Spots, you can quickly find pain and opportunities, or key decision points.
Security Hot Spots are a lens for security. If you know what you're looking for, you can find it. When you don't know what you're looking for, you can waste a lot of time. The Hot Spots provide a way to find, organize and share software security knowledge. You can use hot spots to share principles, patterns, and practices. You can also use hot spots to share knowledge around threats, attacks, vulnerabilities, and countermeasures.
Rather than deal with a laundry list of information, use hot spots to focus your attention on key categories. The Hot Spots are actionable and they are high ROI. The Hot Spots helps you simplify, clarify and gain insight before you elaborate, maximize and optimize.
Photo by CarbonNYC If it’s not broken, then don’t fix it … The problem is, you may have an approach that isn’t working, or it’s not as efficient as it could be, but you may not even know it. Let’s take a quick look at some broken approaches and get to the bottom of why …
While working on patterns & practices Security guidance, I pushed the idea of “Visual Threats and Countermeasures.” I wanted a simple way to show customers how to quickly whiteboard their application and find issues. It was very effective for finding hot spots and drilling in. Here is an example: Scenario Threats / Attacks Vulnerabilities Database …
I found an organizing frame for quality attributes (security, performance, … etc.) on SoftwareArchitectures.com and I think it’s helpful. They organize quality attributes by the following: Runtime system qualities Non-runtime system qualities Business qualities Architecture qualities Domain specific qualities. Quality Attribute Frame This table shows an example of some quality attributes organized by the Quality …
