Context/Background

• The system uses a commercial library as a core component.
• An automated build and test pipeline for the system is in place. This is available for all developers within their development environment.

Source

• This commercial library gets regular security updates every month.
• In some cases (e.g. zero day exploits) additional updates are delivered from the vendor. The product owner requires that these updates are incorporated with only limited manual effort.

Metric/Acceptance Criteria

• An update of this library must be possible with a maximum time budget of less than 2 developer-hours on average.
• The cost of automation (build and test) is not considered, as these are already available.