Preprint Open Access

Security Debt: Characteristics, Product Life-Cycle Integration and Items

Jabier Martinez; Nuria Quintano; Alejandra Ruiz; Izaskun Santamaria; Iker Martinez de Soria; José Arias


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">security</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">technical debt</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">security debt</subfield>
  </datafield>
  <controlfield tag="005">20210323122723.0</controlfield>
  <controlfield tag="001">4629703</controlfield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="d">19-21 May 2021</subfield>
    <subfield code="g">TechDebt</subfield>
    <subfield code="a">4th International Conference on Technical Debt</subfield>
    <subfield code="c">Madrid, Spain (virtual)</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</subfield>
    <subfield code="a">Nuria Quintano</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</subfield>
    <subfield code="a">Alejandra Ruiz</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</subfield>
    <subfield code="a">Izaskun Santamaria</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</subfield>
    <subfield code="a">Iker Martinez de Soria</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</subfield>
    <subfield code="a">José Arias</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">133070</subfield>
    <subfield code="z">md5:40d513ab7366784edd8ec7f6fb472146</subfield>
    <subfield code="u">https://zenodo.org/record/4629703/files/Security_Debt__Characteristics,_Product_LifeCycle_Integration_and_Items_TechDebt2021.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="y">Conference website</subfield>
    <subfield code="u">https://2021.techdebtconf.org/</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2021-03-23</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="o">oai:zenodo.org:4629703</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Tecnalia, Basque Research and Technology Alliance (BRTA), Spain</subfield>
    <subfield code="0">(orcid)0000-0001-8742-9640</subfield>
    <subfield code="a">Jabier Martinez</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Security Debt: Characteristics, Product Life-Cycle Integration and Items</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="a">Other (Not Open)</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;&lt;strong&gt;Security Debt: Characteristics, Product Life-Cycle Integration and Items&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Industries from very diverse domains are realising that security should not be treated in a reactive way (e.g., once the cyberattack has happened). This way, security-related requirements and risks need to be continuously managed, and the need for integrating technical measures should be continuously assessed. In some cases, some decisions led, intentionally or unintentionally, to debt related to security aspects. This security debt is thus incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making explicit security debt items is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management in the product life-cycle, and present categories and examples of security debt items.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.4629702</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.4629703</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">preprint</subfield>
  </datafield>
</record>