Background: Implementing security standards is important to ensure that software functions properly and withstands malicious attacks. Neglecting security can lead to Security Debt (SD), which can be disruptive; however, the industry has so far had no generally accepted definition of SD. Aims: This exploratory case study aims to define SD, to establish the relation between SD and Technical Debt (TD), to distinguish SD from security vulnerabilities, and to identify patterns of SD accumulation. Method: We interviewed 26 software practitioners from an international conglomerate of several software companies. Results: We propose a multifaceted definition of SD. SD is a subset of TD, and security vulnerabilities are, to a varying degree, part of SD. Conclusion: Our results provide a clearer view of how practitioners perceive SD, which facilitates its management.
Tue 3 Dec (displayed time zone: Athens)

16:00 - 17:30 | PROFES Session 6: Technical Debt | Industry Papers / Research Papers | UT Library - Room 3 (Seminar Room Kodavere) | Chair(s): Eriks Klotins (Blekinge Institute of Technology)

16:00 (18m) Research paper | Defining Security Debt: a case study based on practice | Maren Maritsdatter Kruke (Visma software international AS), Antonio Martini (University of Oslo, Norway), Daniela S. Cruzes (NTNU), Monica Iovan (Visma)
16:18 (18m) Research paper | From Reinvention to Reuse: An Empirical Example Study On Technical Debt Dataset | Leevi Rantala (University of Oulu), Mika Mäntylä (University of Helsinki and University of Oulu), Murali Sridharan
16:36 (18m) Industry talk | An Automated Approach to Identify Source Code Files Affected by Architectural Technical Debt | Armando Soares Sousa, Lincoln Rocha (Federal University of Ceará), Ricardo Britto (Ericsson / Blekinge Institute of Technology), Guilherme Amaral Avelino (Federal University of Piaui)
16:54 (36m) Talk | Session 6 Discussion (Research Papers)