Security debt behaves like technical debt and compounds the same way
Security debt is not just technical debt with a different label. It compounds differently, it is harder to quantify. Unlike technical debt, a single unaddressed vulnerability can produce a catastrophic rather than a gradual failure. The organisations that treat security debt as a line item have already misunderstood it.