Evaluation of the HAVOSS software process maturity model

Martin Höst; Martin Hell

doi:10.1109/SEAA51224.2020.00031

Evaluation of the HAVOSS software process maturity model

Martin Höst, Martin Hell

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

104 Downloads (Pure)

Abstract

The HAVOSS (Handling Vulnerabilities in OSS) maturity model describes important processes for managing security vulnerabilities in OSS modules in developed products. So far, the model has not been evaluated in any real assessment process. Here we present a study where the model was evaluated by using it in assessments of processes for two product types in one organization. Each assessment was conducted in a focus group meeting where their procedures were analyzed. The evaluation was conducted by posing specific questions about the model during the focus group meetings and by investigating how difficult it was to assess the maturity of practices from the transcribed text. It was found that some practices were easy to assess, while other could be analysed separately for different parts of the products. Further work can be conducted on how assessments can be conducted and how they can be combined with other software security initiatives.

Original language	English
Title of host publication	Euromicro Conference on Software Engineering and Advanced Applications (SEAA)
Publisher	IEEE - Institute of Electrical and Electronics Engineers Inc.
Pages	137-140
Number of pages	4
ISBN (Electronic)	978-1-7281-9532-2
DOIs	https://doi.org/10.1109/SEAA51224.2020.00031
Publication status	Published - 2020
Event	Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 2020 - Virtual conference, Portoroz, Slovenia Duration: 2020 Aug 26 → 2020 Aug 28

Conference

Conference	Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 2020
Country/Territory	Slovenia
City	Portoroz
Period	2020/08/26 → 2020/08/28

Subject classification (UKÄ)

Software Engineering

Access to Document

10.1109/SEAA51224.2020.00031

EUROMICRO SEAA 2020Accepted author manuscript, 423 KB

Cite this

@inproceedings{3071ad15b99a428692300267c5b583cb,

title = "Evaluation of the HAVOSS software process maturity model",

abstract = "The HAVOSS (Handling Vulnerabilities in OSS) maturity model describes important processes for managing security vulnerabilities in OSS modules in developed products. So far, the model has not been evaluated in any real assessment process. Here we present a study where the model was evaluated by using it in assessments of processes for two product types in one organization. Each assessment was conducted in a focus group meeting where their procedures were analyzed. The evaluation was conducted by posing specific questions about the model during the focus group meetings and by investigating how difficult it was to assess the maturity of practices from the transcribed text. It was found that some practices were easy to assess, while other could be analysed separately for different parts of the products. Further work can be conducted on how assessments can be conducted and how they can be combined with other software security initiatives.",

author = "Martin H{\"o}st and Martin Hell",

year = "2020",

doi = "10.1109/SEAA51224.2020.00031",

language = "English",

pages = "137--140",

booktitle = "Euromicro Conference on Software Engineering and Advanced Applications (SEAA)",

publisher = "IEEE - Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 2020 ; Conference date: 26-08-2020 Through 28-08-2020",

}

Höst, M & Hell, M 2020, Evaluation of the HAVOSS software process maturity model. in Euromicro Conference on Software Engineering and Advanced Applications (SEAA). IEEE - Institute of Electrical and Electronics Engineers Inc., pp. 137-140, Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 2020, Portoroz, Slovenia, 2020/08/26. https://doi.org/10.1109/SEAA51224.2020.00031

TY - GEN

T1 - Evaluation of the HAVOSS software process maturity model

AU - Höst, Martin

AU - Hell, Martin

PY - 2020

Y1 - 2020

N2 - The HAVOSS (Handling Vulnerabilities in OSS) maturity model describes important processes for managing security vulnerabilities in OSS modules in developed products. So far, the model has not been evaluated in any real assessment process. Here we present a study where the model was evaluated by using it in assessments of processes for two product types in one organization. Each assessment was conducted in a focus group meeting where their procedures were analyzed. The evaluation was conducted by posing specific questions about the model during the focus group meetings and by investigating how difficult it was to assess the maturity of practices from the transcribed text. It was found that some practices were easy to assess, while other could be analysed separately for different parts of the products. Further work can be conducted on how assessments can be conducted and how they can be combined with other software security initiatives.

AB - The HAVOSS (Handling Vulnerabilities in OSS) maturity model describes important processes for managing security vulnerabilities in OSS modules in developed products. So far, the model has not been evaluated in any real assessment process. Here we present a study where the model was evaluated by using it in assessments of processes for two product types in one organization. Each assessment was conducted in a focus group meeting where their procedures were analyzed. The evaluation was conducted by posing specific questions about the model during the focus group meetings and by investigating how difficult it was to assess the maturity of practices from the transcribed text. It was found that some practices were easy to assess, while other could be analysed separately for different parts of the products. Further work can be conducted on how assessments can be conducted and how they can be combined with other software security initiatives.

UR - https://dsd-seaa2020.um.si/seaa/

U2 - 10.1109/SEAA51224.2020.00031

DO - 10.1109/SEAA51224.2020.00031

M3 - Paper in conference proceeding

SP - 137

EP - 140

BT - Euromicro Conference on Software Engineering and Advanced Applications (SEAA)

PB - IEEE - Institute of Electrical and Electronics Engineers Inc.

T2 - Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 2020

Y2 - 26 August 2020 through 28 August 2020

ER -

Evaluation of the HAVOSS software process maturity model

Abstract

Conference

Subject classification (UKÄ)

Access to Document

Other files and links

Fingerprint

HATCH: HATCH: Handling Vulnerabilities in the Value Chain

SMARTY: Säkra mjukvaruuppdateringar för den smarta staden

Cite this

Evaluation of the HAVOSS software process maturity model

Abstract

Conference

Subject classification (UKÄ)

Access to Document

Other files and links

Fingerprint

Projects

HATCH: HATCH: Handling Vulnerabilities in the Value Chain

SMARTY: Säkra mjukvaruuppdateringar för den smarta staden

Cite this