Managing security debt across PLC phases in a VSE context

Xabier Larrucea; Izaskun Santamaria; Borja Fernandez-Gauna

doi:10.1002/smr.2214

Managing security debt across PLC phases in a VSE context

Xabier Larrucea^*, Izaskun Santamaria, Borja Fernandez-Gauna

^*Autor correspondiente de este trabajo

TECNALIA Research & Innovation

Producción científica: Contribución a una revista › Artículo › revisión exhaustiva

4 Citas (Scopus)

Resumen

Nowadays, security and safety aspects are two of the major concerns for any software system development, especially while developing safety critical systems. This is especially relevant for very small entities because they have a limited amount of resources for dealing with all these aspects at the same time. In addition, these systems are highly regulated domains, and they involve a huge set of standards focused on safety and security-related issues. Therefore, these small entities are not only facing hurdles related to technical aspects but also from the so-called technical debt when overarching a critical development. This paper extends the assurance cases approach by integrating security aspects within the life cycle, and it proposes a framework for managing the associated security technical debt for very small entities. A tool chain is outlined, and the approach is illustrated with an industrial use case.

Idioma original	Inglés
Número de artículo	e2214
Publicación	Journal of software: Evolution and Process
Volumen	32
N.º	3
DOI	https://doi.org/10.1002/smr.2214
Estado	Publicada - 1 mar 2020

Acceder al documento

10.1002/smr.2214

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

@article{41466665a3fa43a2b36001501c9386bb,

title = "Managing security debt across PLC phases in a VSE context",

abstract = "Nowadays, security and safety aspects are two of the major concerns for any software system development, especially while developing safety critical systems. This is especially relevant for very small entities because they have a limited amount of resources for dealing with all these aspects at the same time. In addition, these systems are highly regulated domains, and they involve a huge set of standards focused on safety and security-related issues. Therefore, these small entities are not only facing hurdles related to technical aspects but also from the so-called technical debt when overarching a critical development. This paper extends the assurance cases approach by integrating security aspects within the life cycle, and it proposes a framework for managing the associated security technical debt for very small entities. A tool chain is outlined, and the approach is illustrated with an industrial use case.",

keywords = "ISO/IEC 29110, assurance case, safety, security, technical debt",

author = "Xabier Larrucea and Izaskun Santamaria and Borja Fernandez-Gauna",

note = "Publisher Copyright: {\textcopyright} 2019 John Wiley & Sons, Ltd.",

year = "2020",

month = mar,

day = "1",

doi = "10.1002/smr.2214",

language = "English",

volume = "32",

journal = "Journal of software: Evolution and Process",

issn = "1532-060X",

publisher = "John Wiley and Sons Ltd",

number = "3",

}

TY - JOUR

T1 - Managing security debt across PLC phases in a VSE context

AU - Larrucea, Xabier

AU - Santamaria, Izaskun

AU - Fernandez-Gauna, Borja

PY - 2020/3/1

Y1 - 2020/3/1

N2 - Nowadays, security and safety aspects are two of the major concerns for any software system development, especially while developing safety critical systems. This is especially relevant for very small entities because they have a limited amount of resources for dealing with all these aspects at the same time. In addition, these systems are highly regulated domains, and they involve a huge set of standards focused on safety and security-related issues. Therefore, these small entities are not only facing hurdles related to technical aspects but also from the so-called technical debt when overarching a critical development. This paper extends the assurance cases approach by integrating security aspects within the life cycle, and it proposes a framework for managing the associated security technical debt for very small entities. A tool chain is outlined, and the approach is illustrated with an industrial use case.

AB - Nowadays, security and safety aspects are two of the major concerns for any software system development, especially while developing safety critical systems. This is especially relevant for very small entities because they have a limited amount of resources for dealing with all these aspects at the same time. In addition, these systems are highly regulated domains, and they involve a huge set of standards focused on safety and security-related issues. Therefore, these small entities are not only facing hurdles related to technical aspects but also from the so-called technical debt when overarching a critical development. This paper extends the assurance cases approach by integrating security aspects within the life cycle, and it proposes a framework for managing the associated security technical debt for very small entities. A tool chain is outlined, and the approach is illustrated with an industrial use case.

KW - ISO/IEC 29110

KW - assurance case

KW - safety

KW - security

KW - technical debt

UR - http://www.scopus.com/inward/record.url?scp=85080983685&partnerID=8YFLogxK

U2 - 10.1002/smr.2214

DO - 10.1002/smr.2214

M3 - Article

AN - SCOPUS:85080983685

SN - 1532-060X

VL - 32

JO - Journal of software: Evolution and Process

JF - Journal of software: Evolution and Process

IS - 3

M1 - e2214

ER -

Managing security debt across PLC phases in a VSE context

Resumen

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto