Communicating Cybersecurity Vulnerability Information: A Producer-Acquirer Case Study

Forskningsoutput: Kapitel i bok/rapport/Conference proceedingKonferenspaper i proceedingPeer review

40 Nedladdningar (Pure)


The increase in both the use of open-source software (OSS) and the number of new vulnerabilities reported in this software constitutes an increased threat to businesses, people, and our society. To mitigate this threat, vulnerability information must be efficiently handled in organizations. In addition, where e.g., IoT devices are integrated into systems, such information must be disseminated from producers, who are implementing patches and new firmware, to acquirers who are responsible for maintaining the systems. We conduct an exploratory case study with one producer of IoT devices and one acquirer of the same devices, where the acquirer integrates the devices into larger systems. Through this two-sided case study, we describe company roles, internal and inter-company communication, and the decisions that need to be made with regard to cybersecurity vulnerabilities. We also identify and discuss both challenges and opportunities for improvements, from the point of view of both the producer and acquirer.
Titel på värdpublikationInternational Conference on Product-Focused Software Process Improvement
Undertitel på värdpublikationPROFES 2021
ISBN (elektroniskt)978-3-030-91452-3
StatusPublished - 2021


NamnLecture Notes in Computer Science
FörlagSpringer Nature
ISSN (elektroniskt)1611-3349

Ämnesklassifikation (UKÄ)

  • Företagsekonomi
  • Programvaruteknik


Utforska forskningsämnen för ”Communicating Cybersecurity Vulnerability Information: A Producer-Acquirer Case Study”. Tillsammans bildar de ett unikt fingeravtryck.

Citera det här