Security V&V Within Software SMEs: A Socio-Technical Interaction Network Analysis

Authors

  • Matthew Nicolas Kreeger
  • G. Harindranath
Abstract

Within this paper we provide insight into how the activities associated with security verification and validation (V&V) are practiced, supported, and perceived, within software SMEs. We justify the importance of studying security V&V as a socio-technical activity and employ the Socio-Technical Interaction Network (STIN) framework when presenting the results of an industry-based empirical study. In summary, the results indicate that software SMEs are significantly less confident in their engagement with security-focused V&V activities as opposed to traditional software V&V. This includes their ability to perform and own the activities, as well as how they are supported and managed within the organisations studied. This suggests that security-focused V&V activities have not reached the same degree of maturity as the more traditional software V&V activities within software SMEs.

Similar resources

Security Verification and Validation by Software SMEs: Theory versus Practice

To improve software engineering practice it is essential to observe the socio-technical realities that surround software development within an industrial context. There is a lack of empirical knowledge of security verification and validation practice within an SME context. When coupled with the recognised importance, and inherent complexities, of such practice, it appears fundamentally sound to...

Modelling and reasoning about security requirements in socio-technical systems

Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may disclose confidential information without being authorised, wreck the integrity of private data, rely on...

On Tools for Socio-Technical Security Analysis

Many systems are hacked daily and apparently without much effort (e.g., see [1]). This happens because hackers prefer not to break security mechanisms immediately, but rather to target unguarded components first. Such components, e.g., users and human-computer ceremonies [2], are hacked by exploiting cognitive features (e.g., trust) and people’s dismay with ill-designed interfaces. These user-r...

Business Culture and the Death of a Portal

After receiving a Government grant under an ‘e-commerce early movers’ scheme, the Western Region Economic Development Organisation in Melbourne conceived and developed a business-to-business portal for use by small to medium enterprises (SME) in the region. This innovative project was to create a horizontal portal – Bizewest, which would enable the whole range of SMEs in Melbourne’s west to eng...

STS-Tool 3.0: Maintaining Security in Socio-Technical Systems

In this paper, we present STS-Tool 3.0: a software tool that helps security requirement engineers in maintaining a high level of security in socio-technical systems. STS-Tool 3.0 allows specifying social/organizational security requirements and enforcing them in part of the implementation of socio-technical systems.


Publication date: 2017