Security Debt: Characteristics, Product Life-Cycle Integration and Items
No Thumbnail Available
Identifiers
Publication date
2021-05
Advisors
Journal Title
Journal ISSN
Volume Title
Publisher
Institute of Electrical and Electronics Engineers Inc.
Citations
Export
Abstract
Industries from very diverse domains are realising that security should not be treated in a reactive way (e.g., once the cyberattack has happened). This way, security-related requirements and risks need to be continuously managed, and the need of integrating technical measures should be continuously assessed. In some cases, some decisions led, intentionally or unintentionally, to debt related to security aspects. This security debt is thus incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making explicit security debt items is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management in the product life-cycle, and to present categories and examples of security debt items.
Description
Publisher Copyright: © 2021 IEEE.
Type
Citation
Martinez , J , Quintano , N , Ruiz , A , Santamaria , I , De Soria , I M & Arias , J 2021 , Security Debt : Characteristics, Product Life-Cycle Integration and Items . in Proceedings - 2021 IEEE/ACM International Conference on Technical Debt, TechDebt 2021 . Proceedings - 2021 IEEE/ACM International Conference on Technical Debt, TechDebt 2021 , Institute of Electrical and Electronics Engineers Inc. , pp. 1-5 , 4th IEEE/ACM International Conference on Technical Debt, TechDebt 2021 , Virtual, Online , Spain , 19/05/21 . https://doi.org/10.1109/TechDebt52882.2021.00009
conference
conference