{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T04:51:12Z","timestamp":1742964672100,"version":"3.40.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031783852"},{"type":"electronic","value":"9783031783869"}],"license":[{"start":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T00:00:00Z","timestamp":1732665600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,11,27]],"date-time":"2024-11-27T00:00:00Z","timestamp":1732665600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-78386-9_4","type":"book-chapter","created":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T16:44:49Z","timestamp":1733071489000},"page":"43-59","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Defining Security Debt: A Case Study Based on Practice"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-7345-3632","authenticated-orcid":false,"given":"Maren Maritsdatter","family":"Kruke","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0669-8687","authenticated-orcid":false,"given":"Antonio","family":"Martini","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2490-902X","authenticated-orcid":false,"given":"Daniela S.","family":"Cruzes","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2499-6872","authenticated-orcid":false,"given":"Monica","family":"Iovan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,11,27]]},"reference":[{"key":"4_CR1","unstructured":"Armerding, T.: What is security debt, and how do i get out of it? (2020). https:\/\/www.synopsys.com\/blogs\/software-security\/security-debt.html, webpage"},{"key":"4_CR2","doi-asserted-by":"publisher","unstructured":"Avgeriou, P., Kruchten, P., Ozkaya, I., Seaman, C.: Managing technical debt in software engineering (Dagstuhl Seminar 16162). Dagstuhl Rep. 6(4), 110\u2013138 (2016). https:\/\/doi.org\/10.4230\/DagRep.6.4.110, http:\/\/drops.dagstuhl.de\/opus\/volltexte\/2016\/6693","DOI":"10.4230\/DagRep.6.4.110"},{"issue":"2","key":"4_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3563392","volume":"26","author":"D Barrera","year":"2023","unstructured":"Barrera, D., Bellman, C., Van Oorschot, P.: Security best practices: a critical analysis using IoT as a case study. ACM Trans. Priv. Secur. 26(2), 1\u201330 (2023)","journal-title":"ACM Trans. Priv. Secur."},{"key":"4_CR4","unstructured":"Bellman, C., van Oorschot, P.C.: Best practices for IoT security: what does that even mean? arXiv preprint arXiv:2004.12179 (2020)"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Brown, N., et\u00a0al.: Managing technical debt in software-reliant systems. In: Proceedings of the FSE\/SDP Workshop on Future of Software Engineering Research, pp. 47\u201352 (2010)","DOI":"10.1145\/1882362.1882373"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Coetzer, C., Leenen, L.: Managing cyber security debt: strategies for identification, prioritisation, and mitigation. In: International Conference on Cyber Warfare and Security, vol.\u00a019, pp. 439\u2013446 (2024)","DOI":"10.34190\/iccws.19.1.2178"},{"key":"4_CR7","unstructured":"Creswell, J.W., Creswell, J.D.: Research design: qualitative, quantitative, and mixed methods approaches. SAGE Publications, 5 edn. (2018)"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Esposito, M., Moreschini, S., Lenarduzzi, V., H\u00e4stbacka, D., Falessi, D.: Can we trust the default vulnerabilities severity? In: 2023 IEEE 23rd International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 265\u2013270. IEEE (2023)","DOI":"10.1109\/SCAM59687.2023.00037"},{"issue":"1","key":"4_CR9","first-page":"169","volume":"5","author":"S Huopio","year":"2020","unstructured":"Huopio, S.: A quest for indicators of security debt. Cyber Defense Rev. 5(1), 169\u2013184 (2020)","journal-title":"Cyber Defense Rev."},{"issue":"6","key":"4_CR10","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/MS.2012.167","volume":"29","author":"P Kruchten","year":"2012","unstructured":"Kruchten, P., Nord, R.L., Ozkaya, I.: Technical debt: from metaphor to theory and practice. IEEE Softw. 29(6), 18\u201321 (2012)","journal-title":"IEEE Softw."},{"issue":"5","key":"4_CR11","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1145\/2507288.2507326","volume":"38","author":"P Kruchten","year":"2013","unstructured":"Kruchten, P., Nord, R.L., Ozkaya, I., Falessi, D.: Technical debt: towards a crisper definition report on the 4th international workshop on managing technical debt. ACM SIGSOFT Softw. Eng. Notes 38(5), 51\u201354 (2013)","journal-title":"ACM SIGSOFT Softw. Eng. Notes"},{"key":"4_CR12","unstructured":"Kruke, M.M.: Security Debt in Practice. Master\u2019s thesis, Univeristy of Oslo (2022)"},{"key":"4_CR13","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1016\/j.jss.2014.12.027","volume":"101","author":"Z Li","year":"2015","unstructured":"Li, Z., Avgeriou, P., Liang, P.: A systematic mapping study on technical debt and its management. J. Syst. Softw. 101, 193\u2013220 (2015)","journal-title":"J. Syst. Softw."},{"issue":"6","key":"4_CR14","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MS.2012.130","volume":"29","author":"E Lim","year":"2012","unstructured":"Lim, E., Taksande, N., Seaman, C.: A balancing act: what software practitioners have to say about technical debt. IEEE Softw. 29(6), 22\u201327 (2012)","journal-title":"IEEE Softw."},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Martinez, J., Quintano, N., Ruiz, A., Santamaria, I., de\u00a0Soria, I.M., Arias, J.: Security debt: characteristics, product life-cycle integration and items. In: 2021 IEEE\/ACM International Conference on Technical Debt (TechDebt), pp.\u00a01\u20135. IEEE (2021)","DOI":"10.1109\/TechDebt52882.2021.00009"},{"key":"4_CR16","unstructured":"Maymi, F., Harris, S.: CISSP all-in-one exam guide, eighth edition. McGraw-Hill Education, 8 edn. (2019)"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Rindell, K., Bernsmed, K., Jaatun, M.G.: Managing security in software: or: How i learned to stop worrying and manage the security technical debt. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp.\u00a01\u20138 (2019)","DOI":"10.1145\/3339252.3340338"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Rindell, K., Holvitie, J.: Security risk assessment and management as technical debt. In: 2019 International Conference on Cyber Security and Protection of Digital Services, pp.\u00a01\u20138. IEEE (2019)","DOI":"10.1109\/CyberSecPODS.2019.8885100"},{"key":"4_CR19","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1016\/j.infsof.2018.05.010","volume":"102","author":"N Rios","year":"2018","unstructured":"Rios, N., de Mendon\u00e7a Neto, M.G., Sp\u00ednola, R.O.: A tertiary study on technical debt: types, management strategies, research trends, and base information for practitioners. Inf. Softw. Technol. 102, 117\u2013145 (2018)","journal-title":"Inf. Softw. Technol."},{"issue":"2","key":"4_CR20","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/s10664-008-9102-8","volume":"14","author":"P Runeson","year":"2009","unstructured":"Runeson, P., H\u00f6st, M.: Guidelines for conducting and reporting case study research in software engineering. Empir. Softw. Eng. 14(2), 131\u2013164 (2009)","journal-title":"Empir. Softw. Eng."},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Silva, M.C.O., Valente, M.T., Terra, R.: Does technical debt lead to the rejection of pull requests? arXiv preprint arXiv:1604.01450 (2016)","DOI":"10.5753\/sbsi.2016.5969"},{"key":"4_CR22","unstructured":"Strauss, A.L., Corbin, J.M.: Grounded Theory in Practice. Sage (1997)"},{"issue":"6","key":"4_CR23","doi-asserted-by":"publisher","first-page":"1498","DOI":"10.1016\/j.jss.2012.12.052","volume":"86","author":"E Tom","year":"2013","unstructured":"Tom, E., Aurum, A., Vidgen, R.: An exploration of technical debt. J. Syst. Softw. 86(6), 1498\u20131516 (2013)","journal-title":"J. Syst. Softw."},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Xavier, L., Ferreira, F., Brito, R., Valente, M.T.: Beyond the code: mining self-admitted technical debt in issue tracker systems. In: Proceedings of the 17th International Conference on Mining Software Repositories, pp. 137\u2013146 (2020)","DOI":"10.1145\/3379597.3387459"}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-78386-9_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T17:02:24Z","timestamp":1733072544000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-78386-9_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,27]]},"ISBN":["9783031783852","9783031783869"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-78386-9_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,11,27]]},"assertion":[{"value":"27 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Authors Maren Maritsdatter Kruke, Daniela Soares Cruzes, and Monica Iovan are Visma employees.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tartu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Estonia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conf.researchr.org\/home\/profes-2024","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}