Improving security

Going forward, one of the major questions you have to ask of your frameworks is how secure the applications built with them are. StrataCode lets you reduce the number of frameworks and framework patterns in your solution, replacing libraries with code-generation patterns. I believe this approach improves the strength of the patterns you do use. Framework code can be built to establish secure defaults and to enforce code boundary constraints at the structure level. Frameworks can improve security by having a global view of all application code: creating lists of all queries, all public web pages, and all exposed RPC methods, and using those lists to build contracts enforced by your database, proxy, etc. Set default annotations at the layer, class, or property level so code does the right thing by default. Use layer sandboxes to expose just the right public APIs, and to enforce just the right security constraints for the role of that portion of the code. Today, it's common practice to use byte-code enhancement on your compiled code to insert security and monitoring. You can do the same thing and more with code-processing because the result is readable and debuggable.
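The "list of all exposed RPC methods, enforced as a contract by the proxy" idea can be sketched in plain Java. This is an added example, not StrataCode code: the `@Remote` annotation, the sample services and the role names are hypothetical, and runtime reflection stands in for the build-time pass a code generator would run.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ExposureManifest {
    // Hypothetical marker annotation (not a StrataCode API).
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface Remote { String role() default "user"; }

    // Constructed sample services: only annotated methods may be reachable.
    static class AccountService {
        @Remote public String getProfile(String id) { return "profile:" + id; }
        @Remote(role = "admin") public void disableUser(String id) { }
        public void rebuildIndex() { }   // public in Java, but never exposed
    }
    static class ReportService {
        @Remote(role = "admin") public String export() { return "csv"; }
        void purgeCache() { }
    }

    /** Global pass over every service class: "Class.method" -> required role. */
    static SortedMap<String, String> build(Class<?>... services) {
        SortedMap<String, String> manifest = new TreeMap<>();
        for (Class<?> c : services) {
            for (Method m : c.getDeclaredMethods()) {
                Remote r = m.getAnnotation(Remote.class);
                if (r != null) manifest.put(c.getSimpleName() + "." + m.getName(), r.role());
            }
        }
        return Collections.unmodifiableSortedMap(manifest);
    }

    /** Proxy-side contract: deny by default, allow only listed targets. */
    static boolean allow(Map<String, String> manifest, String target, String callerRole) {
        String required = manifest.get(target);
        if (required == null) return false;          // not in the generated list
        return "admin".equals(callerRole) || required.equals(callerRole);
    }

    public static void main(String[] args) {
        SortedMap<String, String> manifest = build(AccountService.class, ReportService.class);
        manifest.forEach((target, role) -> System.out.println(target + " requires " + role));
        String[][] calls = { {"AccountService.getProfile", "user"},
                             {"AccountService.disableUser", "user"},
                             {"AccountService.rebuildIndex", "admin"} };
        for (String[] c : calls)
            System.out.println(c[0] + " as " + c[1] + " -> " + allow(manifest, c[0], c[1]));
    }
}
```

The point to notice is that `rebuildIndex` is rejected even for an admin caller, because the proxy's allowlist is derived from the code rather than maintained by hand.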