HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › Research › peer-review

2 Citations (SciVal)
335 Downloads (Pure)

Abstract

Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance of firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and COTS components. The maturity model was designed by first reviewing industry interviews, current best practice guidelines and other maturity models. After that, the practices were refined through industry interviews, resulting in six capability areas covering in total 21 practices. These were then evaluated based on their importance according to industry experts. It is shown that the practices are seen as highly important, indicating that the model can be seen as a valuable tool when assessing strengths and weaknesses in an organization's ability to handle firmware updates.
Original language: English
Title of host publication: Product-Focused Software Process Improvement
Publisher: Springer
Pages: 81-97
Number of pages: 16
ISBN (Electronic): 978-3-030-03673-7
DOIs
Publication status: Published - 2018
Event: International Conference on Product-Focused Software Process Improvement (PROFES 2018) - Wolfsburg, Germany
Duration: 2018 Nov 28 – 2018 Nov 30

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 11271
ISSN (Print): 0302-9743

Conference

Conference: International Conference on Product-Focused Software Process Improvement (PROFES 2018)
Country/Territory: Germany
City: Wolfsburg
Period: 2018/11/28 – 2018/11/30

Subject classification (UKÄ)

  • Software Engineering

Keywords

  • Maturity model
  • Software security
  • Software maintenance
  • Firmware update
  • Vulnerabilities
