Things that change together go together. This design heuristic should be emphasized a lot more.
Use abstraction, automation, and intuition to deal with size and complexity.
Models can be created along two axes: the abstraction level, or the meta level.
We’ve investigated two tools for our threat model. Here is an overview of both tools (from Microsoft) and our experience with them. Threat Modeling Tool: The first tool supports system modelling with the definition of Entry Points, Trust Levels, Protected Resources, plus some general background information. Data Flows can be authored directly with the tool… Continue reading Threat modeling: tools in practice
Threat Modelling is a process of assessing and documenting a system's security risks. The threat model identifies and describes the set of possible attacks on your system, as well as mitigation strategies and countermeasures. Your security threat modelling efforts also enable your team to justify security features within a system, or security practices for using… Continue reading Threat modeling: overview
This book presents the primitives that make up distributed systems - network and link abstractions, broadcast abstractions, consensus abstractions. A worthy read if you work in distributed systems.
This book is a collection of 97 articles, written by various authors, about software engineering and architecture. The articles are short (no more than 2 pages) and easy to read. Each one is focused on one principle. The book is not a definitive recipe on how to conduct a project and be successful. It's rather… Continue reading 97 Things Every Software Architect Should Know