Explore software security debt in modern development through this 32-minute conference talk delivered by Ollie Whitehouse at 44CON 2012 in London. Delve into the concept of technical debt and its security implications, understanding how it accrues based on risk and its impact on the software development lifecycle. Learn about latent debt resilience, effective debt management strategies, and the importance of assigning interest rates to security debt. Discover various repayment methods, including new version requirements, severity prioritization, and percentage reduction. Examine debt expiry, debt overhang, and strategic debt restructuring. Consider the consequences of non-repayment and potential bankruptcy scenarios. Gain valuable insights into managing software security austerity and its long-term effects on development processes.
Software Security Austerity - Software Security Debt in Modern Software Development
44CON Information Security Conference via YouTube
Overview
Syllabus
Intro
Technical debt
Security debt.
Security debt-source?
Security debt and SDLS
Accruing debt based on risk
Latent debt resilience
Debt Management
Why we care
Assigning interest rates to security debt
Repayment-New version requirements
Repayment -Severity prioritization
Repayment - Percentage reduction
Debt Expiry
Debt Overhang
Strategic Debt Restructuring
Bankruptcy
Non Repayment - Consequence Planning
Conclusions
Taught by
44CON Information Security Conference
