Write a Blog >>
TechDebt 2020
Sun 28 - Tue 30 June 2020
co-located with ICSE 2020
Sun 28 Jun 2020 15:30 - 16:15 at TechDebt - Keynote 1 Chair(s): Matthias Galster

While engineers are increasingly aware of security requirements, in many organizations security remains the responsibility of “those security people” and is not tightly integrated into the development cycle. Productivity and feature goals can result in engineers focusing on deployment rather than on fixing non-critical security issues or on building security into a product, resulting in an increase of security technical debt. Attackers eagerly exploit the vulnerabilities lying in the security technical debt pile. Organizations can benefit from risk-based practices for shrinking this debt. This talk will present two research projects in which risk is being used to prioritize security mitigations. The first project is focused on reducing secrets and credentials that have been checked into a code base. The second project relates to the prioritization of patching the continuous onslaught of vulnerable components and libraries that comprise a product.

Sun 28 Jun

Displayed time zone: (UTC) Coordinated Universal Time change

15:30 - 16:15
Keynote 1TechDebt 2020 at TechDebt
Chair(s): Matthias Galster University of Canterbury

The keynote includes a 30 minute talk followed by a 15 minute Q&A.

Risk-based Security Technical Debt Reduction: When everything’s important, nothing gets done
TechDebt 2020
Laurie Williams North Carolina State University