Managing security debt across PLC phases in a VSE context

Larrucea, Xabier; Santamaria, Izaskun; Fernandez-Gauna, Borja

Managing security debt across PLC phases in a VSE context

Identifiers

URI: https://hdl.handle.net/11556/3561

ISSN: 1532-060X

DOI: 10.1002/smr.2214

Publication date

2020-03-01

Authors

Larrucea, Xabier

Santamaria, Izaskun

Fernandez-Gauna, Borja

Citations

Export

Abstract

Nowadays, security and safety aspects are two of the major concerns for any software system development, especially while developing safety critical systems. This is especially relevant for very small entities because they have a limited amount of resources for dealing with all these aspects at the same time. In addition, these systems are highly regulated domains, and they involve a huge set of standards focused on safety and security-related issues. Therefore, these small entities are not only facing hurdles related to technical aspects but also from the so-called technical debt when overarching a critical development. This paper extends the assurance cases approach by integrating security aspects within the life cycle, and it proposes a framework for managing the associated security technical debt for very small entities. A tool chain is outlined, and the approach is illustrated with an industrial use case.

Description

Keywords

assurance case , ISO/IEC 29110 , safety , security , technical debt , Software

Type

journal article

Citation

Larrucea , X , Santamaria , I & Fernandez-Gauna , B 2020 , ' Managing security debt across PLC phases in a VSE context ' , Journal of software: Evolution and Process , vol. 32 , no. 3 , e2214 . https://doi.org/10.1002/smr.2214

Full item page