Advanced

HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components

Nikbakht Bideh, Pegah LU ; Höst, Martin LU and Hell, Martin LU (2018) International Conference on on Product-Focused Software Process Improvement (PROFES 2018) In Lecture Notes in Computer Science 11271. p.81-97
Abstract
Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and COTS components. The maturity model was designed by first reviewing industry interviews, current best practice guidelines and other maturity models. After that, the practices were refined through industry interviews, resulting in six capability areas covering in total 21 practices. These were then evaluated based on their importance according to... (More)
Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and COTS components. The maturity model was designed by first reviewing industry interviews, current best practice guidelines and other maturity models. After that, the practices were refined through industry interviews, resulting in six capability areas covering in total 21 practices. These were then evaluated based on their importance according to industry experts. It is shown that the practices are seen as highly important, indicating that the model can be seen as a valuable tool when assessing strengths and weaknesses in an organization's ability to handle firmware updates. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
Maturity model, Software security, Software maintenance, Frimware update, Vulnerabilities
host publication
Product-Focused Software Process Improvement
series title
Lecture Notes in Computer Science
volume
11271
pages
16 pages
publisher
Springer Verlag
conference name
International Conference on on Product-Focused Software Process Improvement (PROFES 2018)
conference location
Wolfsburg, Germany
conference dates
2018-11-28 - 2018-11-30
external identifiers
  • scopus:85057293484
ISSN
0302-9743
ISBN
978-3-030-03673-7
DOI
10.1007/978-3-030-03673-7_6
language
English
LU publication?
yes
id
14b7a34a-5f2e-415a-b7e8-346e37b6aac6
date added to LUP
2018-08-06 15:07:52
date last changed
2018-12-09 04:40:15
@inproceedings{14b7a34a-5f2e-415a-b7e8-346e37b6aac6,
  abstract     = {Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and COTS components. The maturity model was designed by first reviewing industry interviews, current best practice guidelines and other maturity models. After that, the practices were refined through industry interviews, resulting in six capability areas covering in total 21 practices. These were then evaluated based on their importance according to industry experts. It is shown that the practices are seen as highly important, indicating that the model can be seen as a valuable tool when assessing strengths and weaknesses in an organization's ability to handle firmware updates. },
  author       = {Nikbakht Bideh, Pegah and Höst, Martin and Hell, Martin},
  booktitle    = { Lecture Notes in Computer Science},
  isbn         = {978-3-030-03673-7},
  issn         = {0302-9743},
  keyword      = {Maturity model,Software security,Software maintenance,Frimware update,Vulnerabilities},
  language     = {eng},
  location     = {Wolfsburg, Germany},
  pages        = {81--97},
  publisher    = {Springer Verlag},
  title        = {HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components},
  url          = {http://dx.doi.org/10.1007/978-3-030-03673-7_6},
  volume       = {11271},
  year         = {2018},
}