Monday, September 14, 2020

Word of the Day & Pop Quiz: security debt

 
Word of the Day & Pop Quiz WhatIs.com
Daily updates on the latest technology terms | September 14, 2020

security debt

Security debt is a type of technical debt that occurs when an organization fails to prioritize information security dependencies at the beginning of a project.

Security debt is developer lingo for "work we owe." Like monetary debt, security debt must eventually be paid. Just as failure to pay down a financial debt on time will result in additional charges, failure to pay down security debt can result in additional risk -- both financial and reputational.

 

Security debt can be surfaced in several ways, including through:

  • User bug reports
  • Publicly disclosed flaws
  • Fuzz testing
  • Pen testing
  • Static analysis tools

To reduce security debt, software developers should include security testing early in the software development life cycle and automate patch management as much as possible.


 

Take today's Pop Quiz!

 

 

1. What do you call a quick-repair job for a piece of faulty programming?


 

2. What do you call the process of identifying, assessing and controlling threats to an organization's capital and earnings?

a. SWOT analysis

b. risk management


 

3. Which term describes the practice of testing software to find security vulnerabilities that an attacker could exploit?

a. pen testing

b. A/B testing


 

4. What technique for discovering security loopholes in software involves inputting massive amounts of random data to make the test subject crash?

a. fuzz testing

b. bang-bang control


 

5. Which method of debugging examines code without executing the program?

a. static analysis

b. black box analysis


Today's Takeaway

 

"Technical debt is the skeleton in the closet of high-performing IT organizations. Everyone has it, no one wants to admit it and few understand appropriate technical debt management techniques." - Adam Bertram

Watch and Learn

 

CIA Triad

Be mindful of the CIA -- no, not that one. We're talking about the CIA triad in information technology. Watch to learn more about what it is, how it supports information security and why it's one of our most popular definitions.

Continue Learning

 
Tackling security debt: The role of risk register, patch management
In this Q&A, Akamai's Dave Lewis offers pointers on how to address security debt and also discusses how organizations can avoid incurring such debt.

Risk management vs. risk assessment vs. risk analysis
Understanding risk is the first step to making informed budget and security decisions. Explore the differences between risk management vs. risk assessment vs. risk analysis.

Involve your security team in the decision-making process
It's time for businesses to include security teams in project planning -- even when it's not cybersecurity related -- because their experience provides diverse insights that might otherwise be missed.

Compare the 2 common types of technical debt
While enterprises often incur technical debt inadvertently through inexperience or poor management, sometimes, developers will plan technical debt to establish a market presence.

Strive for real-world technical debt management in DevOps orgs
Technical debt is a bit like the kitchen junk drawer: It's cobbled-together, useful stuff that just needed to go somewhere. But the longer you wait to sort it out, the worse it gets.


 

Stay in Touch

 

Thank you for reading! For feedback about any of our definitions or to suggest a new definition (or learning resource) please contact me at mrouse@techtarget.com

About This E-Newsletter
The Word of the Day is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US.
