Sharing of vulnerability information among companies -- a survey of Swedish companies

06/11/2019
by Thomas Olsson, et al.

Software products are rarely developed from scratch, and vulnerabilities in such products may reside in parts that are either open source software or provided by another organization. Hence, the total cybersecurity of a product often depends on cooperation, explicit or implicit, between several organizations. We study the attitudes and practices of companies in software ecosystems towards sharing vulnerability information. Furthermore, we compare these practices to contemporary cybersecurity recommendations. This is performed through a questionnaire-based qualitative survey. The questionnaire is divided into two parts: the providers' perspective and the acquirers' perspective. The results show that companies are willing to share vulnerability information with each other. Sharing is considered harmful neither to cybersecurity nor to their business, even though a majority of the respondents consider vulnerability information sensitive. However, the companies, despite being open to sharing, are less inclined to proactively share vulnerability information. Furthermore, the providers do not perceive a large interest in vulnerability information from their customers. Hence, the companies' overall attitude to sharing vulnerability information is passive but open. In contrast, contemporary cybersecurity guidelines recommend active disclosure and sharing among actors in an ecosystem.
