Advanced

Industrial Practices in Security Vulnerability Management for IoT Systems – an Interview Study

Höst, Martin LU ; Sönnerup, Jonathan LU ; Hell, Martin LU and Olsson, Thomas (2018) International Conference on Software Engineering Research and Practice (SERP*18) In Proceedings of the 2018 International Conference on Software Engineering Research & Practice p.61-67
Abstract
The area of Internet of Things (IoT) is growing and it affects a large amount of users, which means that security is important. Many parts of IoT systems are built with Open Source Software, for which security vulnerabilities are available. It is important to update the software when vulnerabilities are detected, but it is unclear to what extent this is done in industry today. This study presents an investigation of industrial companies in the area of IoT to understand current procedures and challenges with respect to security updates. The research is conducted as an interview study with qualitative data analysis. It is found that few companies have formalized processes for this type of security updates, and there is a need to support both... (More)
The area of Internet of Things (IoT) is growing and it affects a large amount of users, which means that security is important. Many parts of IoT systems are built with Open Source Software, for which security vulnerabilities are available. It is important to update the software when vulnerabilities are detected, but it is unclear to what extent this is done in industry today. This study presents an investigation of industrial companies in the area of IoT to understand current procedures and challenges with respect to security updates. The research is conducted as an interview study with qualitative data analysis. It is found that few companies have formalized processes for this type of security updates, and there is a need to support both producers and integrators of IoT components.
(Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
in
Proceedings of the 2018 International Conference on Software Engineering Research & Practice
pages
61 - 67
conference name
International Conference on Software Engineering Research and Practice (SERP*18)
ISBN
1-60132-489-8
language
English
LU publication?
yes
id
d6ecb33d-7aa3-4aed-b412-009bd2ae2841
alternative location
https://csce.ucmss.com/cr/books/2018/LFS/CSREA2018/SER3572.pdf
date added to LUP
2018-08-14 11:41:21
date last changed
2018-08-15 13:54:50
@inproceedings{d6ecb33d-7aa3-4aed-b412-009bd2ae2841,
  abstract     = {The area of Internet of Things (IoT) is growing and it affects a large amount of users, which means that security is important. Many parts of IoT systems are built with Open Source Software, for which security vulnerabilities are available. It is important to update the software when vulnerabilities are detected, but it is unclear to what extent this is done in industry today. This study presents an investigation of industrial companies in the area of IoT to understand current procedures and challenges with respect to security updates. The research is conducted as an interview study with qualitative data analysis. It is found that few companies have formalized processes for this type of security updates, and there is a need to support both producers and integrators of IoT components.<br/>},
  author       = {Höst, Martin and Sönnerup, Jonathan and Hell, Martin and Olsson, Thomas},
  booktitle    = {Proceedings of the 2018 International Conference on Software Engineering Research & Practice},
  isbn         = {1-60132-489-8},
  language     = {eng},
  pages        = {61--67},
  title        = {Industrial Practices in Security Vulnerability Management for IoT Systems – an Interview Study},
  year         = {2018},
}