In Sweden, the use of open source software (OSS) in the public sector has been promoted by the government in recent years. A number of Swedish municipalities have formed interest communities to share OSS information and work together on OSS issues. However, there is a lack of studies and evidence showing that these municipalities have adequate routines for managing warnings and advice from the communities on OSS security incidents. The Heartbleed vulnerability that occurred in April 2014 was a sudden case in which these municipalities had to take remedial actions to protect their information assets in a timely manner. This work is a socio-technical study of how Swedish municipalities utilize information channels to handle an OSS security incident, and of their security posture before, during and after the incident. We conducted a case study of Heartbleed incident management in Swedish municipalities, in which three municipalities located in different regions of the country were studied. The study used a qualitative research method combined with the Security-by-Consensus (SBC) analytical model as a research paradigm for data collection, processing and analysis. The results suggest that the socio-technical aspects of open source security should be taken into account in Swedish municipalities for OSS adoption and security incident management.
CITATION STYLE
Wen, S. F., & Kowalski, S. (2017). A case study: Heartbleed vulnerability management and Swedish municipalities. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10292 LNCS, pp. 414–431). Springer Verlag. https://doi.org/10.1007/978-3-319-58460-7_29