SwePub
Sök i LIBRIS databas

  Extended search

onr:"swepub:oai:DiVA.org:bth-26188"
 

Search: onr:"swepub:oai:DiVA.org:bth-26188" > Evaluating software...

  • 1 of 1
  • Previous record
  • Next record
  •    To hitlist
  • Fucci, Davide,1985-Blekinge Tekniska Högskola,Institutionen för programvaruteknik (author)

Evaluating software security maturity using OWASP SAMM : Different approaches and stakeholders perceptions

  • Article/chapterEnglish2024

Publisher, publication year, extent ...

  • Elsevier,2024
  • electronicrdacarrier

Numbers

  • LIBRIS-ID:oai:DiVA.org:bth-26188
  • https://urn.kb.se/resolve?urn=urn:nbn:se:bth-26188URI
  • https://doi.org/10.1016/j.jss.2024.112062DOI

Supplementary language notes

  • Language:English
  • Summary in:English

Part of subdatabase

Classification

  • Subject category:ref swepub-contenttype
  • Subject category:art swepub-publicationtype

Notes

  • Background: Recent years have seen a surge in cyber-attacks, which can be prevented or mitigated using software security activities. OWASP SAMM is a maturity model providing a versatile way for companies to assess their security posture and plan for improvements. Objective: We perform an initial SAMM assessment in collaboration with a company in the financial domain. Our objective is to assess a holistic inventory of the company security-related activities, focusing on how different roles perform the assessment and how they perceive the instrument used in the process. Methodology: We perform a case study to collect data using SAMM in a lightweight and novel manner through assessment using an online survey with 17 participants and a focus group with seven participants. Results: We show that different roles perceive maturity differently and that the two assessments deviate only for specific practices making the lightweight approach a viable and efficient solution in industrial practice. Our results indicate that the questions included in the SAMM assessment tool are answered easily and confidently across most roles. Discussion: Our results suggest that companies can productively use a lightweight SAMM assessment. We provide nine lessons learned for guiding industrial practitioners in the evaluation of their current security posture as well as for academics wanting to utilize SAMM as a research tool in industrial settings. Editor's note: Open Science material was validated by the Journal of Systems and Software Open Science Board. © 2024 The Author(s)

Subject headings and genre

Added entries (persons, corporate bodies, meetings, titles ...)

  • Alégroth, Emil,1984-Blekinge Tekniska Högskola,Institutionen för programvaruteknik(Swepub:bth)EAL (author)
  • Felderer, Michael,1978-Blekinge Tekniska Högskola,Institutionen för programvaruteknik(Swepub:bth)mfd (author)
  • Johannesson, ChristofferEricsson, Karlskrona, Sweden (author)
  • Blekinge Tekniska HögskolaInstitutionen för programvaruteknik (creator_code:org_t)

Related titles

  • In:Journal of Systems and Software: Elsevier2140164-12121873-1228

Internet link

Find in a library

To the university's database

  • 1 of 1
  • Previous record
  • Next record
  •    To hitlist

Find more in SwePub

By the author/editor
Fucci, Davide, 1 ...
Alégroth, Emil, ...
Felderer, Michae ...
Johannesson, Chr ...
About the subject
NATURAL SCIENCES
NATURAL SCIENCES
and Computer and Inf ...
and Software Enginee ...
Articles in the publication
Journal of Syste ...
By the university
Blekinge Institute of Technology

Search outside SwePub

Wikipedia about the author:
Davide_Fucci
Fucci, Davide,1985-
en

Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.

 
pil uppåt Close

Copy and save the link in order to return to this view