Evaluating software security maturity using OWASP SAMM: Different approaches and stakeholders perceptions
Blekinge Tekniska Högskola, Faculty of Computing, Department of Software Engineering. ORCID iD: 0000-0002-0679-4361
Blekinge Tekniska Högskola, Faculty of Computing, Department of Software Engineering. ORCID iD: 0000-0001-7526-3727
Blekinge Tekniska Högskola, Faculty of Computing, Department of Software Engineering. ORCID iD: 0000-0003-3818-4442
Ericsson, Karlskrona, Sweden.
2024 (English). In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 214, article id 112062. Journal article (peer reviewed). Published
Abstract [en]

Background: Recent years have seen a surge in cyber-attacks, which can be prevented or mitigated through software security activities. OWASP SAMM is a maturity model that gives companies a versatile way to assess their security posture and plan improvements. Objective: We perform an initial SAMM assessment in collaboration with a company in the financial domain. Our objective is to assess a holistic inventory of the company's security-related activities, focusing on how different roles perform the assessment and how they perceive the instrument used in the process. Methodology: We perform a case study in which data are collected with SAMM in a lightweight and novel manner: an assessment through an online survey with 17 participants and a focus group with seven participants. Results: We show that different roles perceive maturity differently, and that the two assessments deviate only for specific practices, making the lightweight approach a viable and efficient solution in industrial practice. Our results indicate that the questions included in the SAMM assessment tool are answered easily and confidently across most roles. Discussion: Our results suggest that companies can productively use a lightweight SAMM assessment. We provide nine lessons learned to guide industrial practitioners in evaluating their current security posture, as well as academics wanting to use SAMM as a research tool in industrial settings. Editor's note: Open Science material was validated by the Journal of Systems and Software Open Science Board. © 2024 The Author(s)

Place, publisher, year, edition, pages
Elsevier, 2024. Vol. 214, article id 112062
Keywords [en]
Industry-academia collaboration, OWASP SAMM, Software security, Cybersecurity, Industrial research, Petroleum reservoir evaluation, Cyber-attacks, Evaluating software, Financial domains, Maturity model, Open science, Security activities, Stakeholder perception, Network security
Identifiers
URN: urn:nbn:se:bth-26188
DOI: 10.1016/j.jss.2024.112062
ISI: 001237888500001
Scopus ID: 2-s2.0-85192019707
OAI: oai:DiVA.org:bth-26188
DiVA id: diva2:1857279
Part of project
SERT - Software Engineering ReThought, Knowledge Foundation
Research funder
Knowledge Foundation, 20180010
Available from: 2024-05-13. Created: 2024-05-13. Last updated: 2024-06-19. Bibliographically checked.

Open Access in DiVA

fulltext (3134 kB), 126 downloads
File information
File: FULLTEXT01.pdf
File size: 3134 kB
Checksum SHA-512:
1131a9ee908f1875524eead1349989845fe3c32091fc24465928acc834ca9ec478162498426be89618541924f44c58b288851f78834b170e25ba8773b96e7fc3
Type: fulltext
Mimetype: application/pdf
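As an added check, not part of the DiVA record or of the paper: a small script that verifies a downloaded copy of FULLTEXT01.pdf against the SHA-512 checksum printed on this record. The digest constant is the one listed above; the file name and location of the local copy, and the helper names, are assumptions for illustration. Note what the check does and does not give you: a matching digest shows the bytes are the ones the repository recorded, not who produced them, so it protects against a corrupted or swapped download but is not a signature.

```python
"""Verify a downloaded full text against the SHA-512 checksum listed on the DiVA record."""
import hashlib
import hmac
from pathlib import Path

# Checksum listed on the record page for FULLTEXT01.pdf (3134 kB).
FULLTEXT01_SHA512 = (
    "1131a9ee908f1875524eead1349989845fe3c32091fc24465928acc834ca9ec4"
    "78162498426be89618541924f44c58b288851f78834b170e25ba8773b96e7fc3"
)


def sha512_hex(data: bytes) -> str:
    """Hex-encoded SHA-512 of an in-memory byte string."""
    return hashlib.sha512(data).hexdigest()


def sha512_hex_file(path, chunk_size: int = 1 << 20) -> str:
    """Hex-encoded SHA-512 of a file, hashed in chunks so a multi-MB PDF is not read into memory at once."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _matches(actual_hex: str, expected_hex: str) -> bool:
    """Compare two hex digests.

    Normalises case and surrounding whitespace in the expected value (as copied from a web page),
    rejects anything that is not a well-formed 128-hex-digit SHA-512, and compares in constant time.
    """
    expected = expected_hex.strip().lower()
    if len(expected) != 128 or any(c not in "0123456789abcdef" for c in expected):
        return False
    return hmac.compare_digest(actual_hex.lower(), expected)


def verify_bytes(data: bytes, expected_hex: str) -> bool:
    """True if the SHA-512 of `data` equals the expected digest."""
    return _matches(sha512_hex(data), expected_hex)


def verify_file(path, expected_hex: str = FULLTEXT01_SHA512) -> bool:
    """True only if `path` is an existing regular file whose SHA-512 equals the expected digest.

    A missing file or a mismatch both yield False; the caller decides whether to keep the download.
    """
    p = Path(path)  # assumed local path to the downloaded copy
    if not p.is_file():
        return False
    return _matches(sha512_hex_file(p), expected_hex)


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "FULLTEXT01.pdf"
    ok = verify_file(target)
    print(f"{target}: {'OK' if ok else 'MISMATCH or missing'}")
    sys.exit(0 if ok else 1)
```

Usage: `python verify_fulltext.py /path/to/FULLTEXT01.pdf` exits 0 on a match and 1 otherwise, so it can gate a fetch step in a script. The expected value is validated before comparison because a digest copied from a record page with trailing whitespace or uppercase hex should still verify, while a truncated one should fail closed rather than silently compare a prefix.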

Other links

Publisher's full text; Scopus

Authors

Fucci, Davide; Alégroth, Emil; Felderer, Michael
