Software Vulnerabilities, Defects, and Design Flaws: A Technical Debt Perspective

Abstract

Technical debt describes a universal software development phenomenon: Quick and easy design or implementation choices that linger in the system will cause ripple effects that make future changes more costly. Although DoD software sustainment organizations have routine practices to manage other kinds of software issues, such as defects and vulnerabilities, the same cannot be said for technical debt. In this work, we discuss the relationships among these three kinds of software anomalies and their impact on software assurance and sustainable development and delivery. Defects are directly linked to external quality, and vulnerabilities are linked to more specific security concerns, but technical debt concerns internal quality and has a significant economic impact on the cost of sustaining and evolving software systems. Emerging research results and industry input demonstrate there are clear distinctions that call for different detection and management methods for defects, vulnerabilities, and technical debt. We draw from concrete examples and experience to offer software development practices to improve the management of technical debt and its impact on security.