Technical debt – why I love it (and so should you) presented at DevSecConBoston 2018

by Mike Bursell

Summary: Technical debt is an unavoidable part of most software and hardware projects: almost no project launches with a full feature set or complete functionality. This can have significant security impact and lead to problems later in the project lifecycle for customers and vendors. This talk will start with a discussion about what technical debt is, how it develops, and some of the impacts it can have, both in projects using “old-style” development methodologies and in DevOps. It will then present a view opposite to received wisdom: that technical debt, well-managed, can be a benefit to projects. I will argue that instead of hiding technical debt, it should be brought out into the open – whether for proprietary or open source projects. This is because a recognition of why decisions are made can lead to better conversations about how to mitigate possible vulnerabilities, how to design the current iteration in such a way as to allow for improvements later on, and to less naming and blaming down the road. It can also lead to better relationships between architects, designers, engineers, documentation, testing, product management and even sales and marketing. Customers can also benefit from increased visibility and honesty about technical debt. The session will conclude with some concrete suggestions about how to manage technical debt, whose responsibility recording and discussing it should be, and some practices to avoid.