Preprint Open Access

Security Debt: Characteristics, Product Life-Cycle Integration and Items

Jabier Martinez; Nuria Quintano; Alejandra Ruiz; Izaskun Santamaria; Iker Martinez de Soria; José Arias


DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
  <identifier identifierType="DOI">10.5281/zenodo.4629703</identifier>
  <creators>
    <creator>
      <creatorName>Jabier Martinez</creatorName>
      <nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0000-0001-8742-9640</nameIdentifier>
      <affiliation>Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</affiliation>
    </creator>
    <creator>
      <creatorName>Nuria Quintano</creatorName>
      <affiliation>Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</affiliation>
    </creator>
    <creator>
      <creatorName>Alejandra Ruiz</creatorName>
      <affiliation>Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</affiliation>
    </creator>
    <creator>
      <creatorName>Izaskun Santamaria</creatorName>
      <affiliation>Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</affiliation>
    </creator>
    <creator>
      <creatorName>Iker Martinez de Soria</creatorName>
      <affiliation>Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</affiliation>
    </creator>
    <creator>
      <creatorName>José Arias</creatorName>
      <affiliation>Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</affiliation>
    </creator>
  </creators>
  <titles>
    <title>Security Debt: Characteristics, Product Life-Cycle Integration and Items</title>
  </titles>
  <publisher>Zenodo</publisher>
  <publicationYear>2021</publicationYear>
  <subjects>
    <subject>security</subject>
    <subject>technical debt</subject>
    <subject>security debt</subject>
  </subjects>
  <dates>
    <date dateType="Issued">2021-03-23</date>
  </dates>
  <language>en</language>
  <resourceType resourceTypeGeneral="Preprint"/>
  <alternateIdentifiers>
    <alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/4629703</alternateIdentifier>
  </alternateIdentifiers>
  <relatedIdentifiers>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.5281/zenodo.4629702</relatedIdentifier>
  </relatedIdentifiers>
  <rightsList>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
  </rightsList>
  <descriptions>
    <description descriptionType="Abstract">&lt;p&gt;&lt;strong&gt;Security Debt: Characteristics, Product Life-Cycle Integration and Items&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Industries from very diverse domains are realising that security should not be treated in a reactive way (e.g., once the cyberattack has happened). This way, security-related requirements and risks need to be continuously managed, and the need of integrating technical measures should be continuously assessed. In some cases, some decisions led, intentionally or unintentionally, to debt related to security aspects. This security debt is thus incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making explicit security debt items is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management in the product life-cycle, and to present categories and examples of security debt items.&lt;/p&gt;</description>
  </descriptions>
</resource>
295
138
views
downloads
All versions This version
Views 295295
Downloads 138138
Data volume 18.4 MB18.4 MB
Unique views 233233
Unique downloads 117117

Share

Cite as