Projekt per år
The increase in both the use of open-source software (OSS) and the number of new vulnerabilities reported in this software constitutes an increased threat to businesses, people, and our society. To mitigate this threat, vulnerability information must be efficiently handled in organizations. In addition, where e.g., IoT devices are integrated into systems, such information must be disseminated from producers, who are implementing patches and new firmware, to acquirers who are responsible for maintaining the systems. We conduct an exploratory case study with one producer of IoT devices and one acquirer of the same devices, where the acquirer integrates the devices into larger systems. Through this two-sided case study, we describe company roles, internal and inter-company communication, and the decisions that need to be made with regard to cybersecurity vulnerabilities. We also identify and discuss both challenges and opportunities for improvements, from the point of view of both the producer and acquirer.
|Titel på värdpublikation||International Conference on Product-Focused Software Process Improvement|
|Undertitel på värdpublikation||PROFES 2021|
|Status||Published - 2021|
|Namn||Lecture Notes in Computer Science|
FingeravtryckUtforska forskningsämnen för ”Communicating Cybersecurity Vulnerability Information: A Producer-Acquirer Case Study”. Tillsammans bildar de ett unikt fingeravtryck.
2018/11/30 → 2021/11/30