Papers
Topics
Authors
Recent
Search
2000 character limit reached

Security Debt in Practice: Nuanced Insights from Practitioners

Published 15 Jul 2025 in cs.SE | (2507.11362v1)

Abstract: With the increasing reliance on software and automation nowadays, tight deadlines, limited resources, and prioritization of functionality over security can lead to insecure coding practices. When not handled properly, these constraints cause unaddressed security vulnerabilities to accumulate over time, forming Security Debts (SDs). Despite their critical importance, there is limited empirical evidence on how software practitioners perceive, manage, and communicate SDs in real-world settings. In this paper, we present a qualitative empirical study based on semi-structured interviews with 22 software practitioners across various roles, organizations, and countries. We address four research questions: i) we assess software practitioners' knowledge of SDs and awareness of associated security risks, ii) we investigate their behavior towards SDs, iii) we explore common tools and strategies used to mitigate SDs, and iv) we analyze how security risks are communicated within teams and to decision makers. We observe variations in how practitioners perceive and manage SDs, with some prioritizing delivery speed over security, while others consistently maintain security as a priority. Our findings emphasize the need for stronger integration of security practices across the Software Development Life Cycle (SDLC), more consistent use of mitigation strategies, better balancing of deadlines, resources, and security-related tasks, with attention to the Confidentiality, Integrity, and Availability (CIA) triad.

Summary

No one has generated a summary of this paper yet.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Continue Learning

We haven't generated follow-up questions for this paper yet.

Collections

Sign up for free to add this paper to one or more collections.