At the end of your textbook on page 385, the author mentions several “encouraging security architecture developments”:
- The Open Group has created an Enterprise Security Architect certification. One of their first certified architects has subsequently created a few enterprise security reference architectures.
- The SANS Institute hosted three “What Works in Security Architecture” Summits.
- The IEEE initiated a Center for Secure Design. The Center published a “Top 10 Design Flaws” booklet.
- Adam Shostack published Threat Modeling: Designing for Security, and renown threat modeler, John Steven, has told me that he’s working on his threat modeling book.
- Anurag Agrawal of MyAppSecurity has been capturing well-known attack surfaces and their technical mitigations within his commercial threat modeling tool, “Threat Modeler.”
Choose 2 or 3 three items from the list above and provide an update to their development status. Make sure you provide some background on your selection and then provide the update of the development.