HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components

机译：havose：用于处理第三方OSS组件漏洞的成熟度模型

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and COTS components. The maturity model was designed by first reviewing industry interviews, current best practice guidelines and other maturity models. After that, the practices were refined through industry interviews, resulting in six capability areas covering in total 21 practices. These were then evaluated based on their importance according to industry experts. It is shown that the practices are seen as highly important, indicating that the model can be seen as a valuable tool when assessing strengths and weaknesses in an organization's ability to handle firmware updates.

机译：安全被认为是IOT采用的主要障碍。越来越多的连接设备和报告的软件漏洞增加了重要性固件更新。软件安全性的成熟模型确实包括其中的部分，但缺乏几个方面。本文介绍并评估了一个成熟的模型（Havoss），用于处理第三方OSS和COTS组件中的漏洞。成熟模型是通过首先审查行业访谈，当前最佳实践指南和其他成熟模型来设计的。之后，通过行业访谈提炼实践，导致六个能力领域共21项实践。然后根据行业专家根据其重要性评估这些。结果表明，该实践被视为非常重要，表明该模型可以在评估组织处理固件更新能力的能力中的优势和缺点时被视为有价值的工具。

著录项

来源
《International Conference on Product-Focused Software Process Improvement》|2018年|458p|共17页
会议地点
作者
Pegah Nikbakht Bideh; Martin Host; Martin Hell;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP311.5-53;
关键词
Maturity model; Software security; Software maintenance; Firmware updates; Vulnerabilities;

机译：成熟度模型;软件安全;软件维护;固件更新;漏洞;

相似文献

外文文献
中文文献
专利

1. An Approach of Vulnerability Testing for Third-Party Component Based on Condition and Parameter Mutation [J] . JinfuChen, JiameiChen, YongzhaoZhan, ScientificWorldJournal . 2013,第3期

机译：基于条件和参数突变的第三方组件的漏洞测试方法
2. Predicting the vulnerability of spacecraft components: Modelling debris impact effects through vulnerable-zones [J] . Mirko Trisolini, Hugh G. Lewis, Camilla Colombo Advances in space research . 2020,第11期

机译：预测航天器组分的脆弱性：通过脆弱的区域建模碎片影响效应
3. Credibility: How Agents Can Handle Unfair Third-Party Testimonies in Computational Trust Models [J] . Weng Jianshu, Shen Zhiqi, Miao Chunyan, Knowledge and Data Engineering, IEEE Transactions on . 2010,第9期

机译：信誉：代理如何在计算信任模型中处理不公平的第三方证词
4. HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components [C] . Pegah Nikbakht Bideh, Martin Hoest, Martin Hell International conference on product-focused software process improvement . 2018

机译：HAVOSS：用于处理第三方OSS组件中漏洞的成熟度模型
5. A vulnerability modeling approach for certifying security in components for e-commerce. [D] . Li, Zhixiong. 2008

机译：用于验证电子商务组件中安全性的漏洞建模方法。
6. An Approach of Vulnerability Testing for Third-Party Component Based on Condition and Parameter Mutation [O] . Jinfu Chen, Jiamei Chen, Yongzhao Zhan, 2013

机译：基于条件和参数变异的第三方组件漏洞测试方法
7. HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components [O] . Pegah Nikbakht Bideh, Martin Höst, Martin Hell 2018

机译：havose：用于处理第三方OSS组件漏洞的成熟度模型
8. Maturity Models 101: A Primer for Applying Maturity Models to Smart Grid Security, Resilience, and Interoperability. [R] . Caralli, R., Knight, M., Montgomery, A. 2012

机译：成熟度模型101：将成熟度模型应用于智能电网安全性，弹性和互操作性的入门手册。

HAVOSS: A Maturity Model for Handling Vulnerabilities in Third Party OSS Components

摘要

著录项

相似文献

相关主题

期刊订阅