VulnEx: Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure

Dennig, Frederik L.; Cakmak, Eren; Plate, Henrik; Keim, Daniel A.

doi:10.48550/arxiv.2108.06259

Cited by 1 publication

(1 citation statement)

References 21 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The research conducted by Dennig et al [42] on open-source software vulnerabilities in large organisations underscores a broader concept in cybersecurity: the significance of identifying third-party security risks. This study reveals how vulnerabilities in external software components, often integrated into larger systems, pose substantial risks.…”

Section: Third-party and Supply Chain Cybersecuritymentioning

confidence: 99%

IT Risk Management: Towards a System for Enhancing Objectivity in Asset Valuation That Engenders a Security Culture

Metin,

Duran,

Telli

et al. 2024

Information

View full text Add to dashboard Cite

In today’s technology-centric business environment, where organizations encounter numerous cyber threats, effective IT risk management is crucial. An objective risk assessment—based on information relating to business requirements, human elements, and the security culture within an organisation—can provide a sound basis for informed decision making, effective risk prioritisation, and the implementation of suitable security measures. This paper focuses on asset valuation, supply chain risk, and enhanced objectivity—via a “segregation of duties” approach—to extend and apply the capabilities of an established security culture framework. The resultant system design aims at mitigating subjectivity in IT risk assessments, thereby diminishing personal biases and presumptions to provide a more transparent and accurate understanding of the real risks involved. Survey responses from 16 practitioners working in the private and public sectors confirmed the validity of the approach but suggest it may be more workable in larger organisations where resources allow dedicated risk professionals to operate. This research contributes to the literature on IT and cyber risk management and provides new perspectives on the need to improve objectivity in asset valuation and risk assessment.

show abstract

Section: Third-party and Supply Chain Cybersecuritymentioning

confidence: 99%