TY - GEN
T1 - Security Debt
T2 - 4th IEEE/ACM International Conference on Technical Debt, TechDebt 2021
AU - Martinez, Jabier
AU - Quintano, Nuria
AU - Ruiz, Alejandra
AU - Santamaria, Izaskun
AU - De Soria, Iker Martinez
AU - Arias, Jose
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021/5
Y1 - 2021/5
N2 - Industries from very diverse domains are realising that security should not be treated in a reactive way (e.g., once the cyberattack has happened). This way, security-related requirements and risks need to be continuously managed, and the need of integrating technical measures should be continuously assessed. In some cases, some decisions led, intentionally or unintentionally, to debt related to security aspects. This security debt is thus incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making explicit security debt items is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management in the product life-cycle, and to present categories and examples of security debt items.
AB - Industries from very diverse domains are realising that security should not be treated in a reactive way (e.g., once the cyberattack has happened). This way, security-related requirements and risks need to be continuously managed, and the need of integrating technical measures should be continuously assessed. In some cases, some decisions led, intentionally or unintentionally, to debt related to security aspects. This security debt is thus incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making explicit security debt items is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management in the product life-cycle, and to present categories and examples of security debt items.
KW - security
KW - security debt
KW - technical debt
UR - http://www.scopus.com/inward/record.url?scp=85114808598&partnerID=8YFLogxK
U2 - 10.1109/TechDebt52882.2021.00009
DO - 10.1109/TechDebt52882.2021.00009
M3 - Conference contribution
AN - SCOPUS:85114808598
T3 - Proceedings - 2021 IEEE/ACM International Conference on Technical Debt, TechDebt 2021
SP - 1
EP - 5
BT - Proceedings - 2021 IEEE/ACM International Conference on Technical Debt, TechDebt 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 19 May 2021 through 21 May 2021
ER -