Managing security debt across PLC phases in a VSE context

Xabier Larrucea, Izaskun Santamaria, Borja Fernandez-Gauna

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)

Abstract

Nowadays, security and safety aspects are two of the major concerns for any software system development, especially while developing safety critical systems. This is especially relevant for very small entities because they have a limited amount of resources for dealing with all these aspects at the same time. In addition, these systems are highly regulated domains, and they involve a huge set of standards focused on safety and security-related issues. Therefore, these small entities are not only facing hurdles related to technical aspects but also from the so-called technical debt when overarching a critical development. This paper extends the assurance cases approach by integrating security aspects within the life cycle, and it proposes a framework for managing the associated security technical debt for very small entities. A tool chain is outlined, and the approach is illustrated with an industrial use case.

Original languageEnglish
Article numbere2214
JournalJournal of software: Evolution and Process
Volume32
Issue number3
DOIs
Publication statusPublished - 1 Mar 2020

Keywords

  • ISO/IEC 29110
  • assurance case
  • safety
  • security
  • technical debt

Fingerprint

Dive into the research topics of 'Managing security debt across PLC phases in a VSE context'. Together they form a unique fingerprint.

Cite this