Software Vulnerabilities, Defects, and Design Flaws: A Technical Debt Perspective
Loading...
Authors
Nord, Robert L.
Ozkaya, Ipek
Shull, Forrest
Subjects
Advisors
Date of Issue
2017-03
Date
2017-03
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Technical debt describes a universal software development phenomenon: モQuick and easyヤ design or implementation choices that linger in the system will cause ripple effects that make future changes more costly. Although DoD software sustainment organizations have routine practices to manage other kinds of software issues, such as defects and vulnerabilities, the same cannot be said for technical debt. In this work, we discuss the relationships among these three kinds of software anomalies and their impact on software assurance and sustainable development and delivery. Defects are directly linked to external quality, and vulnerabilities are linked to more specific security concerns, but technical debt concerns internal quality and has a significant economic impact on the cost of sustaining and evolving software systems. Emerging research results and industry input demonstrate there are clear distinctions that call for different detection and management methods for defects, vulnerabilities, and technical debt. We draw from concrete examples and experience to offer software development practices to improve the management of technical debt and its impact on security.
Type
Report
Description
Series/Report No
Department
Organization
Identifiers
NPS Report Number
SYM-AM-17-047
Sponsors
Naval Postgraduate School Acquisition Research Program
Funding
Format
Citation
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.