International audienceSecurity patterns are reusable solutions, which enable the design of maintainable systems or applications that have to meet security requirements. The generic nature of security patterns and their growing number make their choices difficult, even for experts in software design. We propose to contribute in this issue by presenting a methodology of security pattern classification based upon data integration. The classification exhibits relationships among 215 software attacks, 66 security principles and 26 security patterns. It expresses pattern combinations, which are countermeasures to a given attack. This classification is semi-automatically inferred by means of a data-store integrating disparate publicly available security data. Besides pattern classification, we show that the data-store can be used to generate Attack Defence Trees. In our context, these illustrate, for a given attack, its sub-attacks, steps, techniques and the related defences given under the form of security pattern combinations. Such trees make the pattern classification more readable even for beginners in security patterns
