HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components

Forskningsoutput: Kapitel i bok/rapport/Conference proceedingKonferenspaper i proceedingPeer review

533 Nedladdningar (Pure)

Sammanfattning

Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and COTS components. The maturity model was designed by first reviewing industry interviews, current best practice guidelines and other maturity models. After that, the practices were refined through industry interviews, resulting in six capability areas covering in total 21 practices. These were then evaluated based on their importance according to industry experts. It is shown that the practices are seen as highly important, indicating that the model can be seen as a valuable tool when assessing strengths and weaknesses in an organization's ability to handle firmware updates.
Originalspråkengelska
Titel på värdpublikationProduct-Focused Software Process Improvement
FörlagSpringer
Sidor 81-97
Antal sidor16
ISBN (elektroniskt)978-3-030-03673-7
DOI
StatusPublished - 2018
EvenemangInternational Conference on on Product-Focused Software Process Improvement (PROFES 2018) - Wolfsburg, Tyskland
Varaktighet: 2018 nov. 282018 nov. 30

Publikationsserier

Namn Lecture Notes in Computer Science
FörlagSpringer
Volym11271
ISSN (tryckt)0302-9743

Konferens

KonferensInternational Conference on on Product-Focused Software Process Improvement (PROFES 2018)
Land/TerritoriumTyskland
OrtWolfsburg
Period2018/11/282018/11/30

Ämnesklassifikation (UKÄ)

  • Programvaruteknik

Fingeravtryck

Utforska forskningsämnen för ”HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components”. Tillsammans bildar de ett unikt fingeravtryck.

Citera det här