Managing security debt across PLC phases in a VSE context
| dc.contributor.author | Larrucea, Xabier | |
| dc.contributor.author | Santamaria, Izaskun | |
| dc.contributor.author | Fernandez-Gauna, Borja | |
| dc.contributor.institution | Tecnalia Research & Innovation | |
| dc.contributor.institution | SWT | |
| dc.date.accessioned | 2024-07-24T12:05:28Z | |
| dc.date.available | 2024-07-24T12:05:28Z | |
| dc.date.issued | 2020-03-01 | |
| dc.description | Publisher Copyright: © 2019 John Wiley & Sons, Ltd. | |
| dc.description.abstract | Nowadays, security and safety aspects are two of the major concerns for any software system development, especially while developing safety critical systems. This is especially relevant for very small entities because they have a limited amount of resources for dealing with all these aspects at the same time. In addition, these systems are highly regulated domains, and they involve a huge set of standards focused on safety and security-related issues. Therefore, these small entities are not only facing hurdles related to technical aspects but also from the so-called technical debt when overarching a critical development. This paper extends the assurance cases approach by integrating security aspects within the life cycle, and it proposes a framework for managing the associated security technical debt for very small entities. A tool chain is outlined, and the approach is illustrated with an industrial use case. | en |
| dc.description.status | Peer reviewed | |
| dc.identifier.citation | Larrucea , X , Santamaria , I & Fernandez-Gauna , B 2020 , ' Managing security debt across PLC phases in a VSE context ' , Journal of software: Evolution and Process , vol. 32 , no. 3 , e2214 . https://doi.org/10.1002/smr.2214 | |
| dc.identifier.doi | 10.1002/smr.2214 | |
| dc.identifier.issn | 1532-060X | |
| dc.identifier.uri | https://hdl.handle.net/11556/3561 | |
| dc.identifier.url | http://www.scopus.com/inward/record.url?scp=85080983685&partnerID=8YFLogxK | |
| dc.language.iso | eng | |
| dc.relation.ispartof | Journal of software: Evolution and Process | |
| dc.rights | info:eu-repo/semantics/restrictedAccess | |
| dc.subject.keywords | assurance case | |
| dc.subject.keywords | ISO/IEC 29110 | |
| dc.subject.keywords | safety | |
| dc.subject.keywords | security | |
| dc.subject.keywords | technical debt | |
| dc.subject.keywords | Software | |
| dc.title | Managing security debt across PLC phases in a VSE context | en |
| dc.type | journal article |