4th International Workshop On Measurability Of Security In Software Architectures (Messa 2017)

Cybersecurity incidents are increasing, and at the same time, our society depends more and more on cyber-physical systems. Systematic approaches to measure cybersecurity are needed in order to support efficient construction and maintenance of secure software systems. Security measurement of software architectures is needed to produce sufficient evidence of security level as early as in the design phase. Design-time security measuring should support "security by design" approach. Moreover, software architectures have to support runtime security measurement to obtain up-to-date security information from an online software system, service or product. Security metrics and measurements are exploited in situational awareness monitoring and self-adaptive security solutions. The area of security metrics and security assurance metrics research is evolving, but still lacks widely accepted metrics definitions and applicable measuring techniques. Strong collaboration between security experts, software architects and system developers is needed to address this. MeSSa2017 workshop addresses these and other related topics to increase the importance of the overall picture, requiring sets of design patterns, measurements, metrics, best practices, and means to integrate this cost-effectively in the overall design and operational profiles.The outcome of the workshop will be an increased shared understanding of challenges and opportunities in systematic approaches to measure cybersecurity, which are needed in order to support efficient construction and maintenance of secure software systems.