Source:

Product owner.

Stimulus:

The system uses a specific library as a core component, which gets security updates every week.

Environment:

Development environment, automated build and test pipeline.

Response:

An update of this library must be possible with a maximum time budget of 2 developer-hours on average.

Response Measure:

• Manual effort required for such updates must not exceed 2hrs for a single developer on average.
• cost of automation (build and test) is not considered, as these are already available.