Security Debt: Characteristics, Product Life-Cycle Integration and Items

Martínez, Jabier; Quintano, Nuria; Ruíz, Alejandra; Santamaría, Izaskun; Soria, Iker Martinez de; Arias, José Carlos Pérez

doi:10.1109/techdebt52882.2021.00009

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article2

Book1

Other1

Relationship

Self Cite0

Independent4

Authors

Journals

Cited by 4 publications

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Defining Security Debt: A Case Study Based on Practice

Kruke,

Martini,

Cruzes

et al. 2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Defining Security Debt: A Case Study Based on Practice

Kruke,

Martini,

Cruzes

et al. 2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

What Can Self-Admitted Technical Debt Tell Us About Security? A Mixed-Methods Study

Díaz Ferreyra,

Shahin,

Zahedi

et al. 2024

Proceedings of the 21st International Conference on Mining Software Repositories

View full text Add to dashboard Cite

A Comprehensive View on TD Prevention Practices and Reasons for Not Preventing It

Freire,

Pacheco,

Rios

et al. 2024

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

Context . Technical debt (TD) prevention allows software practitioners to apply practices to avoid potential TD items in their projects. Aims. To uncover and prioritize, from the point of view of software practitioners, the practices that could be used to avoid TD items, the relations between these practices and the causes of TD, and the practice avoidance reasons (PARs) that could explain the failure to prevent TD. Method . We analyze data collected from six replications of a global industrial family of surveys on TD, totaling 653 answers. We also conducted a follow up survey to understand the importance level of analyzed data. Results . Most practitioners indicated that TD could be prevented, revealing 89 prevention practices and 23 PARs for explaining the failure to prevent TD. The paper identifies statistically significant relationships between preventive practices and certain causes of TD. Further, it prioritizes the list of practices, PARs, and relationships regarding their level of importance for TD prevention based on the opinion of software practitioners. Conclusion . This work organizes TD prevention practices and PARs in a conceptual map and the relationships between practices and causes of TD in a Sankey diagram to help the visualization of the body of knowledge reported in this study.

show abstract

Security Debt: Characteristics, Product Life-Cycle Integration and Items

Cited by 4 publications

References 31 publications

Defining Security Debt: A Case Study Based on Practice

Defining Security Debt: A Case Study Based on Practice

What Can Self-Admitted Technical Debt Tell Us About Security? A Mixed-Methods Study

A Comprehensive View on TD Prevention Practices and Reasons for Not Preventing It

Contact Info

Product

Resources

About