The work carried out is part of the “Secure Systems Life Cycle Development” work package of the Elkartek 2020 TRUSTIND project.
The article entitled “Security Debt: Characteristics, Product Life-Cycle Integration and Items” was prepared by members of the Software and Systems Life-Cycle Innovation (SLI) focus group and presented at TechDebt 2021, the 4th International Conference on Technical Debt 2021.
The analysis is the result of research carried out in one of the work packages of the TRUSTIND project (Creating Trust in the Industrial Digital Transformation). The aim is to develop the knowledge base on industrial cybersecurity, which began with the Elkartek Sekutek project and continued with the Elkartek Cyberprest and Sendai projects.
To do this, TECNALIA is creating technology that supports an industry and industrial products that are resilient to cyber-attacks throughout their life cycle, and strengthening the development of the Basque cybersecurity industry.
TRUSTIND is conducting research into technologies related to the industrial digital transformation, such as industrial resilience management, industrial digital identity, industrial data security, audit & forensic analysis and secure systems life cycle development. These technologies strengthen security and privacy in an assessable and verifiable way, starting with their design and continuing throughout the supply chain, thereby making it easier for the manufacturer to maintain post-sale cybersecurity.
At TECNALIA we are currently investigating how to transfer technical debt management concepts to security aspects. The first step was an analysis of the state of the art related to the quantification of security debt in the development of systems. TECNALIA is looking at identifying the different approaches proposed in the relevant literature, and drawing on the findings to determine a suitable way of measuring security in the context of critical systems.
Further information
TRUSTIND is an ELKARTEK 2020 project that started in July 2020. Taking part in it are the nine cybersecurity research agents in the Basque Country: TECNALIA (project leader), IKERLAN, VICOMTECH, BCAM, CEIT, Mondragon University, TECNUN, UPV/EHU and the University of Deusto.
This programme is aligned with the strategy of the Basque Cybersecurity Centre (BCSC). The technology developed will be tested in the laboratories of the Basque Digital Innovation Hub (BDIH) cybersecurity node.