We describe a new variability-intensive system idea, the “self-securing software system.” We describe how such a system works using a multi-tenant cloud application as a motivating example. This supports runtime composition, detects emergent attacks and vulnerabilities, and supports runtime updating to mitigate problems. We describe recent work we have done in architecting and proof-of-concept prototypes for aspects of such systems. We then describe current limitations and future work plans to address these.