Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. On the other hand, some users might understand the risk, and yet have ina...

The use of IoT devices in the future electricity domain (known as the smart grid) has numerous benefits, such as improved reliability of the power system, enhanced functions of SCADA (Supervisory Control and Data Acquisition), improved monitoring and management of operational power grid assets, and ...

Threat modelling is considered a key activity in secure software engineering. However, despite its documented benefits it has not (yet) been widely adopted by agile software development projects. In this paper we present results from a qualitative study of how it is performed in practice by four dif...

If the cloud is just someone else's computer, securing forensic evidence in case of a breach can be tricky. A blockchain-based distributed ledger could contribute to solve this problem, provided the required forensic information finds its way onto the blockchain. In this paper we sketch how blockcha...

Software in the cloud is predominantly developed using agile methodologies, where practices such as continuous deployment and DevOps contribute to increased speed and quick turnarounds. This increased speed does however require additional focus on software security in order to avoid security bugs an...

The smart grid evolution digitalizes the traditional power distribution grid, by integrating information communication technology into its operation and control. A particularly interesting challenge is the integration of grid topology monitoring and decision support systems with the remote control o...

To achieve a level of security that is just right, software development projects need to strike a balance between security and cost. This necessitates making such decisions as to what security activities to perform in development and which security requirements should be given priority. Current evid...

Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated ...