
Software Security Maturity in Public Organisations

Abstract

Software security is about building software that will be secure even when it is attacked. This paper presents results from a survey evaluating software security practices in software development lifecycles in 20 public organisations in Norway using the practices and activities of the Building Security In Maturity Model (BSIMM). The findings suggest that public organisations in Norway excel at Compliance and Policy activities when developing their own code, but that there is a large potential for improvement with respect to Metrics, Penetration testing, and Training of developers in secure software development.

Category

Academic article

Language

English

Author(s)

Institution(s)

  • SINTEF Digital / Software Engineering, Safety and Security
  • Various Norwegian companies and organisations

Year

2015

Published in

Lecture Notes in Computer Science (LNCS)

ISSN

0302-9743

Publisher

Springer

Volume

9290

Page(s)

120 - 138
