Will be doing a talk called "9 Things Every Software Architect Should Know About Security" in Minnesota on August 6, for the Twin Cities Software Architect group, location and details on how to attend.
9 Things Every Software Architect Should Know About Security
The 3 biggest problems in security are lack of education, lack of education, and lack of education. We have a situation where systems are breached on a regular basis that's caused by developers not knowing enough about security and security people not knowing enough about software. Who is in the best position to resolve this? Software architects are supposed to be in charge of marshaling non-functional requirements like usability, performance and *security* into the distribution builds, but too often security means "firewalls + SSL", this clearly is not getting it done.
This sessions will look at 9 practical things every software architect can do to improve security in the software systems they are building.