Chapter 5. Architectural Risk Analysis^[1]

Architectural Risk AnalysisArchitectural risk analysisCauses of problemsdesign flawsDefects.architectural risk analysisArchitectural risk analysisDefects.fifty/fiftyRisk analysisarchitectural level.Architectural risk analysis.Touchpointslist ofarchitectural risk analysisParts of this chapter appeared in original form in IEEE Security & Privacy magazine co-authored with Denis Verdon [Verdon and McGraw 2004].

	Architecture is the learned game, correct and magnificent, of forms assembled in the light.
	--LE CORBUSIER

Design flaws account for 50% of security problems. You can’t find design defects by staring at code—a higher-level understanding is required. That’s why architectural risk analysis plays an essential role in any solid software security program. By explicitly identifying risk, you can create a good general-purpose measure of software security, especially if you track risk over time. Because quantifying impact is a critical step in any risk-based approach, risk analysis is a natural way to tie technology ...

Get Software Security: Building Security In now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Software Security: Building Security In by Gary McGraw

Chapter 5. Architectural Risk Analysis^[1]

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly

Chapter 5. Architectural Risk Analysis[1]

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly

Chapter 5. Architectural Risk Analysis^[1]