onr:"swepub:oai:DiVA.org:bth-26188"
Search: onr:"swepub:oai:DiVA.org:bth-26188" > Evaluating software...
- 1 of 1
- Previous record
- Next record
- To hitlist
Evaluating software security maturity using OWASP SAMM : Different approaches and stakeholders perceptions
-
- Fucci, Davide, 1985- (author)
- Blekinge Tekniska Högskola,Institutionen för programvaruteknik
-
- Alégroth, Emil, 1984- (author)
- Blekinge Tekniska Högskola,Institutionen för programvaruteknik
-
- Felderer, Michael, 1978- (author)
- Blekinge Tekniska Högskola,Institutionen för programvaruteknik
- show more...
- show less...
- (creator_code:org_t)
- Elsevier, 2024
- 2024
- English.
- In: Journal of Systems and Software. - : Elsevier. - 0164-1212 .- 1873-1228. ; 214
- Journal article (peer-reviewed)
Abstract
Subject headings
Close
- Background: Recent years have seen a surge in cyber-attacks, which can be prevented or mitigated using software security activities. OWASP SAMM is a maturity model providing a versatile way for companies to assess their security posture and plan for improvements. Objective: We perform an initial SAMM assessment in collaboration with a company in the financial domain. Our objective is to assess a holistic inventory of the company security-related activities, focusing on how different roles perform the assessment and how they perceive the instrument used in the process. Methodology: We perform a case study to collect data using SAMM in a lightweight and novel manner through assessment using an online survey with 17 participants and a focus group with seven participants. Results: We show that different roles perceive maturity differently and that the two assessments deviate only for specific practices making the lightweight approach a viable and efficient solution in industrial practice. Our results indicate that the questions included in the SAMM assessment tool are answered easily and confidently across most roles. Discussion: Our results suggest that companies can productively use a lightweight SAMM assessment. We provide nine lessons learned for guiding industrial practitioners in the evaluation of their current security posture as well as for academics wanting to utilize SAMM as a research tool in industrial settings. Editor's note: Open Science material was validated by the Journal of Systems and Software Open Science Board. © 2024 The Author(s)
Subject headings
- NATURVETENSKAP -- Data- och informationsvetenskap -- Programvaruteknik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Software Engineering (hsv//eng)
Keyword
- Industry-academia collaboration
- OWASP SAMM
- Software security
- Cybersecurity
- Industrial research
- Petroleum reservoir evaluation
- Cyber-attacks
- Evaluating software
- Financial domains
- Maturity model
- Open science
- Security activities
- Stakeholder perception
- Network security
Publication and Content Type
- ref (subject category)
- art (subject category)
Find in a library
- Journal of Systems and Software (Search for host publication in LIBRIS)
To the university's database
- 1 of 1
- Previous record
- Next record
- To hitlist
Find more in SwePub
- By the author/editor
- Fucci, Davide, 1 ...
- Alégroth, Emil, ...
- Felderer, Michae ...
- Johannesson, Chr ...
- About the subject
-
- NATURAL SCIENCES
- NATURAL SCIENCES
- and Computer and Inf ...
- and Software Enginee ...
- Articles in the publication
- Journal of Syste ...
- By the university
- Blekinge Institute of Technology
Search outside SwePub
- Extend your search to:
- Google Book Search
- Google Scholar
Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.
- Copyright © LIBRIS - National Library Systems
- LIBRIS.kb.se
