Security principles for the working architect
As our world becomes digital, we all need to be developing systems that are secure by design. The security community has developed a well-understood set of principles used to build secure systems, but they are rarely discussed outside that community. Eoin Woods outlines these fundamental principles of secure software design and explains how to apply them to mainstream systems.
| Talk Title | Security principles for the working architect |
| Speakers | Eoin Woods (Endava) |
| Conference | O’Reilly Software Architecture Conference |
| Conf Tag | Engineering the Future of Software |
| Location | New York, New York |
| Date | February 4-6, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Security is an ever more important topic for system designers. As our world becomes digital, today’s safely hidden back office system is tomorrow’s public API, open to anyone on the internet with a hacking tool and time on their hands. So the days of hoping that security is someone else’s problem are over. The security community has developed a well-understood set of principles used to build systems that are secure (or at least securable) by design, but this topic often isn’t included in the training of software developers, who assume that it’s only relevant to security specialists. Even when principles are explained, they’re often shrouded in the jargon of the security engineering community, and so mainstream developers struggle to understand and apply them. Eoin Woods explains why secure design matters and then introduces a set of 10 of the most important proven principles for designing secure systems, distilled from the wisdom of the security engineering community. He discusses each principle in the context of mainstream system design, rather than in the specialized language of security engineering, focusing on how it’s applied in practice to improve security.
