Evaluation of the HAVOSS software process maturity model
(2020) Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 2020, p. 137-140
- Abstract
- The HAVOSS (Handling Vulnerabilities in OSS) maturity model describes important processes for managing security vulnerabilities in OSS modules in developed products. So far, the model has not been evaluated in any real assessment process. Here we present a study where the model was evaluated by using it in assessments of processes for two product types in one organization. Each assessment was conducted in a focus group meeting where their procedures were analyzed. The evaluation was conducted by posing specific questions about the model during the focus group meetings and by investigating how difficult it was to assess the maturity of practices from the transcribed text. It was found that some practices were easy to assess, while others could be analysed separately for different parts of the products. Further work can be conducted on how assessments can be conducted and how they can be combined with other software security initiatives.
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/3071ad15-b99a-4286-9230-0267c5b583cb
- author
- Höst, Martin LU and Hell, Martin LU
- organization
- publishing date
- 2020
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- Euromicro Conference on Software Engineering and Advanced Applications (SEAA)
- pages
- 4 pages
- publisher
- IEEE - Institute of Electrical and Electronics Engineers Inc.
- conference name
- Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 2020
- conference location
- Portoroz, Slovenia
- conference dates
- 2020-08-26 - 2020-08-28
- external identifiers
- scopus:85096514578
- ISBN
- 978-1-7281-9532-2
- DOI
- 10.1109/SEAA51224.2020.00031
- project
- Säkra mjukvaruuppdateringar för den smarta staden
- HATCH: Handling Vulnerabilities in the Value Chain
- language
- English
- LU publication?
- yes
- id
- 3071ad15-b99a-4286-9230-0267c5b583cb
- date added to LUP
- 2020-08-03 13:06:57
- date last changed
- 2022-04-19 00:07:51
@inproceedings{3071ad15-b99a-4286-9230-0267c5b583cb,
  abstract  = {{The HAVOSS (Handling Vulnerabilities in OSS) maturity model describes important processes for managing security vulnerabilities in OSS modules in developed products. So far, the model has not been evaluated in any real assessment process. Here we present a study where the model was evaluated by using it in assessments of processes for two product types in one organization. Each assessment was conducted in a focus group meeting where their procedures were analyzed. The evaluation was conducted by posing specific questions about the model during the focus group meetings and by investigating how difficult it was to assess the maturity of practices from the transcribed text. It was found that some practices were easy to assess, while others could be analysed separately for different parts of the products. Further work can be conducted on how assessments can be conducted and how they can be combined with other software security initiatives.}},
  author    = {{Höst, Martin and Hell, Martin}},
  booktitle = {{Euromicro Conference on Software Engineering and Advanced Applications (SEAA)}},
  isbn      = {{978-1-7281-9532-2}},
  language  = {{eng}},
  pages     = {{137--140}},
  publisher = {{IEEE - Institute of Electrical and Electronics Engineers Inc.}},
  title     = {{Evaluation of the HAVOSS software process maturity model}},
  url       = {{https://lup.lub.lu.se/search/files/82413321/HAVOSS_evaluation_toLUweb.pdf}},
  doi       = {{10.1109/SEAA51224.2020.00031}},
  year      = {{2020}},
}