Our society depends more and more on cyber-physical systems. In the near future, integrated use of Internet-of-Things, cloud services, 5G technologies, and novel Artificial Intelligence techniques enable massive and timely use of data in various new services. This trend increases demands for evidence-driven built-in systematic cybersecurity approaches for software architectures. Early evidence of cyber risks, attacks and vulnerabilities enables efficient and effective security solutions.

Security measurement of software architectures is needed to produce sufficient evidence of security level as early as in the design phase. Design-time security measuring should support "security by design" approach. Moreover, software architectures have to support runtime security measurement to obtain up-to-date security information from an online software system, service or product. Security metrics and measurements are exploited in situational awareness monitoring and self-adaptive security solutions. The area of security metrics and security assurance metrics research is evolving, but still lacks widely accepted metrics definitions and applicable measuring techniques. Strong collaboration between security experts, software architects, and system developers is needed.