Abstract

Security smells, i.e., possible symptoms of bad security decisions, can occur in microservice-based applications, potentially resulting in violations of key security properties. The decision of whether or not to refactor a service to mitigate the potential effects of security smells is complex, considering the distributed responsibility of services across teams and the possible impact on their development schedules. In this work-in-progress paper, we propose a team-centric approach that provides insights into the effects of refactorings on quality attributes, the urgency and effort of a refactoring, and its implications for other teams. The ultimate goal is to support teams in making decisions in the context of microservice-based application security and to improve the scheduling of the refactorings that mitigate the potential effects of microservice security smell instances.