Security patterns: A systematic mapping study

Security patterns are a well-established means to encapsulate and communicate proven security solutions and introduce security into the development process. Our objective is to explore the research efforts on security patterns and discuss the current state of the art, which will serve as a guideline for interested researchers, practitioners, and teachers. We have conducted a systematic mapping study of relevant literature from 1997 until the end of 2017 and identified 403 relevant papers, 274 of which were selected for analysis based on quality criteria. This study derives a customized research strategy from established systematic approaches in the literature. The first 3 research questions address the demographics of security pattern research such as topic classification, trends, and distribution between academia and industry, along with prominent researchers and venues. The next 9 research questions focus on more in-depth analyses such as pattern presentation notations and classification criteria, pattern evaluation techniques, and pattern usage environments. We observe that security pattern research is an active and growing field and the patterns are increasingly being used to improve software development approaches. Pattern evaluation is currently the least explored topic by researchers and there is a lack of empirical studies in the field.