Papering Over the Cracks : The Effects of Introducing Best Practices on the Web Security Ecosystem
- Larsson, Emil (author)
- Schibsted Media Group
- Sigholm, Johan (author)
- Försvarshögskolan, Militärtekniska avdelningen (MTA)
- IEEE, 2016
- English.
- In: The 30th International Conference on Information Networking. - : IEEE. - 9781509017256 - 9781509017249 ; , pp. 1-6
- Related link:
- https://urn.kb.se/re...
- https://doi.org/10.1...
Abstract
- Hypertext Transfer Protocol Secure (HTTPS) is the de facto standard for secure end-to-end web communication. However, numerous flaws discovered during recent years, such as Apple’s “goto fail” bug, and cryptographic weaknesses as illustrated by the Poodlebleed vulnerability, have brought the efficiency of the mostly self-regulated web security market into question. In this cross-disciplinary paper, the authors survey some 160.000 HTTPS-enabled servers among popular web sites over a time period of three years. The research question is what effect the introduction of best practices and vulnerability publication have on web server security in the form of protocol support. Main findings include that (i) insecure configurations, although well known, can remain widespread for over a decade, (ii) the introduction of best practices affects the decline of insecure configurations only moderately, whereas highly publicized security flaws have a significant impact, and (iii) economic incentives for website owners to provide secure services are weak, motivating such other levers of influence as legislation or blocking of noncompliant sites.
Subject headings
- NATURAL SCIENCES -- Computer and Information Sciences -- Systems Science, Information Systems and Informatics (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Information Systems (hsv//eng)
Keywords
- Internet governance
- network security
- security economics
- HTTPS
- Defence Systems
- Military Technology
Publication and content type
- ref (subject category)
- kon (subject category)