
Sharing of vulnerability information among companies -- a survey of Swedish companies

by Thomas Olsson, et al.
RISE Research Institutes of Sweden

Software products are rarely developed from scratch, and vulnerabilities in such products might reside in parts that are either open source software or provided by another organization. Hence, the total cybersecurity of a product often depends on cooperation, explicit or implicit, between several organizations. We study the attitudes and practices of companies in software ecosystems towards sharing vulnerability information. Furthermore, we compare these practices to contemporary cybersecurity recommendations. This is performed through a questionnaire-based qualitative survey. The questionnaire is divided into two parts: the providers' perspective and the acquirers' perspective. The results show that companies are willing to share information with each other regarding vulnerabilities. Sharing is not considered harmful to either the cybersecurity or their business, even though a majority of the respondents consider vulnerability information sensitive. However, the companies, despite being open to sharing, are less inclined to share vulnerability information proactively. Furthermore, the providers do not perceive that there is a large interest in vulnerability information from their customers. Hence, the companies' overall attitude to sharing vulnerability information is passive but open. In contrast, contemporary cybersecurity guidelines recommend active disclosure and sharing among actors in an ecosystem.

