No Silver Bullet: Towards Demonstrating Secure Software Development for Small and Medium Enterprises in a Business-to-Business Model

要旨

Software developing small and medium enterprises (SMEs) play a crucial role as suppliers to larger corporations and public administration. It is therefore necessary for them to be able to demonstrate that their products meet certain security criteria, both to gain trust of their customers and to comply to standards that demand such a demonstration. In this study we have investigated ways for SMEs to demonstrate their security when operating in a business-to-business model, conducting semi-structured interviews (N=16) with practitioners from different SMEs in Denmark and validating our findings in a follow-up workshop (N=6). Our findings indicate five distinctive security demonstration approaches, namely: Certifications, Reports, Questionnaires, Interactive Sessions and Social Proof. We discuss the challenges, benefits, and recommendations related to these approaches, concluding that none of them is a one-size-fits all solution and that more research into relative advantages of these approaches and their combinations is needed.

著者
Raha Asadi
IT University of Copenhagen, Copenhagen, Denmark
Bodil Biering
Cyberjuice, Copenhagen, Denmark
Vincent van Dijk
Security Scientist Consulting, Copenhagen, Denmark
Oksana Kulyk
IT University of Copenhagen, Copenhagen, Denmark
Elda Paja
IT University of Copenhagen, Copenhagen, Denmark
DOI

10.1145/3706598.3713931

論文URL

https://dl.acm.org/doi/10.1145/3706598.3713931

動画

会議: CHI 2025

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)

セッション: Trust Uncertainty and Security

Annex Hall F204
6 件の発表
2025-04-29 18:00:00
2025-04-29 19:30:00
日本語まとめ
読み込み中…