
Lund University Publications

LUND UNIVERSITY LIBRARIES

HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components

Nikbakht Bideh, Pegah (LU); Höst, Martin (LU) and Hell, Martin (LU) (2018). International Conference on Product-Focused Software Process Improvement (PROFES 2018). In Lecture Notes in Computer Science 11271, p. 81-97.
Abstract
Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance of firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and COTS components. The maturity model was designed by first reviewing industry interviews, current best practice guidelines and other maturity models. After that, the practices were refined through industry interviews, resulting in six capability areas covering in total 21 practices. These were then evaluated based on their importance according to industry experts. It is shown that the practices are seen as highly important, indicating that the model can be seen as a valuable tool when assessing strengths and weaknesses in an organization's ability to handle firmware updates.
type: Chapter in Book/Report/Conference proceeding
publication status: published
keywords: Maturity model, Software security, Software maintenance, Firmware update, Vulnerabilities
host publication: Product-Focused Software Process Improvement
series title: Lecture Notes in Computer Science
volume: 11271
pages: 16 pages
publisher: Springer
conference name: International Conference on Product-Focused Software Process Improvement (PROFES 2018)
conference location: Wolfsburg, Germany
conference dates: 2018-11-28 - 2018-11-30
external identifiers: scopus:85057293484
ISSN: 0302-9743
ISBN: 978-3-030-03673-7
DOI: 10.1007/978-3-030-03673-7_6
project: SECONDS: Secure Connected Devices
language: English
LU publication?: yes
id: 14b7a34a-5f2e-415a-b7e8-346e37b6aac6
date added to LUP: 2018-08-06 15:07:52
date last changed: 2022-04-25 08:34:34
@inproceedings{14b7a34a-5f2e-415a-b7e8-346e37b6aac6,
  abstract     = {{Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance of firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and COTS components. The maturity model was designed by first reviewing industry interviews, current best practice guidelines and other maturity models. After that, the practices were refined through industry interviews, resulting in six capability areas covering in total 21 practices. These were then evaluated based on their importance according to industry experts. It is shown that the practices are seen as highly important, indicating that the model can be seen as a valuable tool when assessing strengths and weaknesses in an organization's ability to handle firmware updates.}},
  author       = {{Nikbakht Bideh, Pegah and Höst, Martin and Hell, Martin}},
  booktitle    = {{Product-Focused Software Process Improvement}},
  isbn         = {{978-3-030-03673-7}},
  issn         = {{0302-9743}},
  keywords     = {{Maturity model; Software security; Software maintenance; Firmware update; Vulnerabilities}},
  language     = {{eng}},
  pages        = {{81--97}},
  publisher    = {{Springer}},
  series       = {{Lecture Notes in Computer Science}},
  title        = {{HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components}},
  url          = {{https://lup.lub.lu.se/search/files/50645361/PROFES_2018_paper_19.pdf}},
  doi          = {{10.1007/978-3-030-03673-7_6}},
  volume       = {{11271}},
  year         = {{2018}},
}