Recent security breaches show the need to secure large, distributed, complex systems.
A fundamental, but little discussed aspect of security is how to evaluate when a complete system
is secure. Purely formal methods cannot handle this level of complexity. Code checking does not
consider the interaction of separate modules working together and is hard to scale. Model-based
approaches, such as patterns and problem frames, can be effective for handling large systems. Their
use in evaluating security appears promising. A few works in this direction exist, but there is a need
for more ideas. This Special Issue focuses on global, model-based, architectural, and systems-oriented
evaluation methods.