The software architecture is one of the most important artifacts created in the lifecycle of an application. Architectural decisions directly impact the achievement of business goals, as well as functional and quality requirements. Yet once the architecture has been designed, most architectural descriptions are seldom verified or maintained over time. Architecture compliance checking is a sound application risk management strategy that can detect deviations between the intended architecture and the implemented architecture.
The ability to detail such deviations is an effective method to proactively identify system weakness and vulnerabilities. The CAST Architecture Checker document provides a review of the increasing challenges to architectural compliance along with a brief walkthrough of some of its capabilities.
Architectural challenges impacting application risks:
- Complexity – as the system evolves its complexity increases unless proactive steps are taken.
- Ivory tower – grand designs come down from the top with little implementation guidance.
- Developer/architect disconnect – neither can understand each other’s work, and there’s no way to check.
- Big architecture in an agile world – trying to do everything upfront when an evolutionary approach is needed.