PROFES 2024
Mon 2 - Wed 4 December 2024 Tartu, Estonia

Background: Implementing security standards is important to ensure proper functioning and avoid malicious attacks. Neglecting security can lead to Security Debt (SD), which can be disruptive. However, the industry does not have a generally accepted definition of SD thus far. Aims: This exploratory case study aims to provide a definition of SD, to find the relation between SD and Technical Debt (TD), to find the difference between SD and security vulnerabilities, and to identify SD accumulation patterns. Method: We interviewed 26 software practitioners from an international conglomerate of several software companies. Results: We propose a multifaceted SD definition. SD is a subset of TD, and security vulnerabilities have, to a varying degree, been shown to be part of SD. Conclusion: Our results can provide a clearer view of how practitioners perceive SD, facilitating its management.

Tue 3 Dec

Displayed time zone: Athens

16:00 - 17:30
PROFES Session 6: Technical Debt (Industry Papers / Research Papers) at UT Library - Room 3 (Seminar Room Kodavere)
Chair(s): Eriks Klotins Blekinge Institute of Technology
16:00
18m
Research paper
Defining Security Debt: a case study based on practice
Research Papers
Maren Maritsdatter Kruke Visma software international AS, Antonio Martini University of Oslo, Norway, Daniela S. Cruzes NTNU, Monica Iovan Visma
16:18
18m
Research paper
From Reinvention to Reuse: An Empirical Example Study On Technical Debt Dataset
Research Papers
Leevi Rantala University of Oulu, Mika Mäntylä University of Helsinki and University of Oulu, Murali Sridharan
16:36
18m
Industry talk
An Automated Approach to Identify Source Code Files Affected by Architectural Technical Debt
Industry Papers
Armando Soares Sousa, Lincoln Rocha Federal University of Ceará, Ricardo Britto Ericsson / Blekinge Institute of Technology, Guilherme Amaral Avelino Federal University of Piaui
16:54
36m
Talk
Session 6 Discussion
Research Papers