Blog

Posts in category "Security Architecture"

Security Should Be Application-Specific

I’m looking for the perfect pants. They’re brown. They’re sturdy. They’re business casual. They have many huge pockets, artfully arranged so that I don’t look like a pack rat even after I stash my stuff in them. They don’t cost a fortune. And of course, they fit me perfectly. I have never met these pants. …

Beyond Security Requirements: Secure Requirements

History shows that people are unlikely to develop or purchase secure software by accident. Back in the Dark Ages (think the 1990s), people built software and then tried to add security. This was rarely successful and frequently expensive. Progress, of a Sort As an industry, we’ve moved on to more efficient and more effective strategies, …