Security V&V Within Software SMEs: A Socio-Technical Interaction Network Analysis
Authors
Abstract
Within this paper we provide insight into how the activities associated with security verification and validation (V&V) are practiced, supported, and perceived, within software SMEs. We justify the importance of studying security V&V as a socio-technical activity and employ the Socio-Technical Interaction Network (STIN) framework when presenting the results of an industry-based empirical study. In summary, the results indicate that software SMEs are significantly less confident in their engagement with security-focused V&V activities as opposed to traditional software V&V. This includes their ability to perform and own the activities, as well as how they are supported and managed within the organisations studied. This suggests that security-focused V&V activities have not reached the same degree of maturity as the more traditional software V&V activities within software SMEs.
Similar resources
Security Verification and Validation by Software SMEs: Theory versus Practice
To improve software engineering practice it is essential to observe the socio-technical realities that surround software development within an industrial context. There is a lack of empirical knowledge of security verification and validation practice within an SME context. When coupled with the recognised importance, and inherent complexities, of such practice, it appears fundamentally sound to...
Modelling and reasoning about security requirements in socio-technical systems
Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may disclose confidential information without being authorised, wreck the integrity of private data, rely on...
On Tools for Socio-Technical Security Analysis
Many systems are hacked daily and apparently without much effort (e.g., see [1]). This happens because hackers prefer not to break security mechanisms immediately, but rather to target unguarded components first. Such components, e.g., users and human-computer ceremonies [2], are hacked by exploiting cognitive features (e.g., trust) and people’s dismay with ill-designed interfaces. These user-r...
Business Culture and the Death of a Portal
After receiving a Government grant under an ‘e-commerce early movers’ scheme, the Western Region Economic Development Organisation in Melbourne conceived and developed a business-to-business portal for use by small to medium enterprises (SME) in the region. This innovative project was to create a horizontal portal – Bizewest, which would enable the whole range of SMEs in Melbourne’s west to eng...
STS-Tool 3.0: Maintaining Security in Socio-Technical Systems
In this paper, we present STS-Tool 3.0: a software tool that helps security requirement engineers in maintaining a high level of security in socio-technical systems. STS-Tool 3.0 allows one to specify social/organizational security requirements and to enforce them in part of the implementation of socio-technical systems.