Security patterns are a well-established means to encapsulate and communicate proven security solutions and introduce security into the development process. Our objective is to explore the research efforts on security patterns and discuss the current state of the art, which will serve as a guideline for interested researchers, practitioners, and teachers. We have conducted a systematic mapping study of relevant literature from 1997 until the end of 2017 and identified 403 relevant papers, 274 of which were selected for analysis based on quality criteria. This study derives a customized research strategy from established systematic approaches in the literature. The first 3 research questions address the demographics of security pattern research such as topic classification, trends, and distribution between academia and industry, along with prominent researchers and venues. The next 9 research questions focus on more in-depth analyses such as pattern presentation notations and classification criteria, pattern evaluation techniques, and pattern usage environments. We observe that security pattern research is an active and growing field and the patterns are increasingly being used to improve software development approaches. Pattern evaluation is currently the least explored topic by researchers and there is a lack of empirical studies in the field.

安全模式是一种完善的方法，用于封装和交流经过验证的安全解决方案，并将安全性引入开发过程。我们的目标是探索有关安全模式的研究工作，并讨论当前的技术水平，这将为感兴趣的研究人员，从业人员和教师提供指导。从1997年至2017年底，我们对相关文献进行了系统的作图研究，确定了403篇相关论文，其中274篇是根据质量标准选择进行分析的。这项研究从文献中已建立的系统方法中得出了定制的研究策略。前三个研究问题针对安全模式研究的人口统计，例如主题分类，趋势以及学术界和行业之间的分布，以及著名的研究人员和场所。接下来的9个研究问题集中于更深入的分析，例如模式表示符号和分类标准，模式评估技术以及模式使用环境。我们注意到，安全模式研究是一个活跃且不断发展的领域，并且越来越多地使用这种模式来改进软件开发方法。模式评估是目前研究人员研究最少的话题，并且该领域缺乏实证研究。我们注意到，安全模式研究是一个活跃且不断发展的领域，并且越来越多地使用这种模式来改进软件开发方法。模式评估是目前研究人员研究最少的话题，并且该领域缺乏实证研究。我们注意到，安全模式研究是一个活跃且不断发展的领域，并且越来越多地使用这种模式来改进软件开发方法。模式评估是目前研究人员研究最少的话题，并且该领域缺乏实证研究。