Architectural Archipelagos: Technical Debt in Long-Lived Software Research Platforms
Beyond tight deadlines: what are the business causes of technical debt?
Main, A., and Paul C. van Oorschot. "Software protection and application security: Understanding the battleground." International Course on State of the Art and Evolution of Computer Security and Industrial Cryptography, Heverlee, Belgium 19 (2003). - security policy - allowed actions, in practice hard to define - security mechanisms - enforce policy - goal is to cost effectively counter threats - which resources need protection and from which specific malicious actions?