Security vs. Maintainability: Fixing Vulnerabilities Obfuscates your Code

Abstract: Security is a crucial non-functional requirement for software applications. However, building secure software is far from trivial, as developers lack both the knowledge and the tools to address this concern effectively. In this paper, we study the impact of security-improving changes on the maintainability of several open source applications. Using a dataset of 607 security-oriented commits, we measure maintainability, as computed by the Software Improvement Group's web-based source code analysis service Better Code Hub (BCH), before and after each security refactoring. Results show that making software more secure comes at a cost in maintainability. This is particularly evident in refactorings that address Broken Authentication and Cross-Site Request Forgery.