{"id":"https://openalex.org/W4391660133","doi":"https://doi.org/10.1007/978-3-031-53227-6_23","title":"An Evaluation of\u00a0the\u00a0Product Security Maturity Model Through Case Studies at 15 Software Producing Organizations","display_name":"An Evaluation of\u00a0the\u00a0Product Security Maturity Model Through Case Studies at 15 Software Producing Organizations","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4391660133","doi":"https://doi.org/10.1007/978-3-031-53227-6_23"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-031-53227-6_23","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-031-53227-6_23","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-031-53227-6_23.pdf","source":{"id":"https://openalex.org/S4210177767","display_name":"Lecture notes in business information processing","issn_l":"1865-1348","issn":["1865-1348","1865-1356"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Business Information Processing","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/978-3-031-53227-6_23.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5000166879","display_name":"Elena Baninemeh","orcid":"https://orcid.org/0000-0002-5201-1321"},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Elena Baninemeh","raw_affiliation_strings":["Utrecht University, Utrecht, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Utrecht University, Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093893016","display_name":"Harold Toomey","orcid":null},"institutions":[{"id":"https://openalex.org/I1306686416","display_name":"RTX (United States)","ror":"https://ror.org/0354t7b78","country_code":"US","type":"company","lineage":["https://openalex.org/I1306686416"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Harold Toomey","raw_affiliation_strings":["Raytheon Technologies, Walthem, USA"],"affiliations":[{"raw_affiliation_string":"Raytheon Technologies, Walthem, USA","institution_ids":["https://openalex.org/I1306686416"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017922848","display_name":"Katsiaryna Labunets","orcid":"https://orcid.org/0000-0003-0884-2440"},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Katsiaryna Labunets","raw_affiliation_strings":["Utrecht University, Utrecht, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Utrecht University, Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032382126","display_name":"Gerard Wagenaar","orcid":"https://orcid.org/0000-0001-6982-7282"},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Gerard Wagenaar","raw_affiliation_strings":["Utrecht University, Utrecht, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Utrecht University, Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018641262","display_name":"Slinger Jansen","orcid":"https://orcid.org/0000-0003-3752-2868"},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]},{"id":"https://openalex.org/I63548447","display_name":"Lappeenranta-Lahti University of Technology","ror":"https://ror.org/0208vgz68","country_code":"FI","type":"education","lineage":["https://openalex.org/I63548447"]}],"countries":["FI","NL"],"is_corresponding":false,"raw_author_name":"Slinger Jansen","raw_affiliation_strings":["LUT University, Lappeenranta, Finland","Utrecht University, Utrecht, The Netherlands"],"affiliations":[{"raw_affiliation_string":"LUT University, Lappeenranta, Finland","institution_ids":["https://openalex.org/I63548447"]},{"raw_affiliation_string":"Utrecht University, Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5000166879"],"corresponding_institution_ids":["https://openalex.org/I193662353"],"apc_list":null,"apc_paid":null,"fwci":1.0876,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.72276892,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"327","last_page":"343"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/capability-maturity-model","display_name":"Capability Maturity Model","score":0.5729983448982239},{"id":"https://openalex.org/keywords/maturity","display_name":"Maturity (psychological)","score":0.5126727819442749},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.4954448938369751},{"id":"https://openalex.org/keywords/product","display_name":"Product (mathematics)","score":0.4747377038002014},{"id":"https://openalex.org/keywords/service-integration-maturity-model","display_name":"Service Integration Maturity Model","score":0.4491260051727295},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.44266027212142944},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.4291064739227295},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.42659685015678406},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3700544238090515},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3592952489852905},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.34677261114120483},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2420894205570221},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.10395914316177368},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.07482677698135376},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.06097498536109924}],"concepts":[{"id":"https://openalex.org/C85890633","wikidata":"https://www.wikidata.org/wiki/Q929673","display_name":"Capability Maturity Model","level":3,"score":0.5729983448982239},{"id":"https://openalex.org/C101433766","wikidata":"https://www.wikidata.org/wiki/Q3543263","display_name":"Maturity (psychological)","level":2,"score":0.5126727819442749},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.4954448938369751},{"id":"https://openalex.org/C90673727","wikidata":"https://www.wikidata.org/wiki/Q901718","display_name":"Product (mathematics)","level":2,"score":0.4747377038002014},{"id":"https://openalex.org/C73890322","wikidata":"https://www.wikidata.org/wiki/Q7455693","display_name":"Service Integration Maturity Model","level":4,"score":0.4491260051727295},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.44266027212142944},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.4291064739227295},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.42659685015678406},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3700544238090515},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3592952489852905},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.34677261114120483},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2420894205570221},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.10395914316177368},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.07482677698135376},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.06097498536109924},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-3-031-53227-6_23","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-031-53227-6_23","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-031-53227-6_23.pdf","source":{"id":"https://openalex.org/S4210177767","display_name":"Lecture notes in business information processing","issn_l":"1865-1348","issn":["1865-1348","1865-1356"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Business Information Processing","raw_type":"book-chapter"},{"id":"pmh:oai:dspace.library.uu.nl:1874/437102","is_oa":true,"landing_page_url":"https://dspace.library.uu.nl/handle/1874/437102","pdf_url":null,"source":{"id":"https://openalex.org/S4306401649","display_name":"Utrecht University Repository (Utrecht University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I193662353","host_organization_name":"Utrecht University","host_organization_lineage":["https://openalex.org/I193662353"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Part of book"}],"best_oa_location":{"id":"doi:10.1007/978-3-031-53227-6_23","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-031-53227-6_23","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-031-53227-6_23.pdf","source":{"id":"https://openalex.org/S4210177767","display_name":"Lecture notes in business information processing","issn_l":"1865-1348","issn":["1865-1348","1865-1356"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Business Information Processing","raw_type":"book-chapter"},"sustainable_development_goals":[{"score":0.49000000953674316,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4391660133.pdf"},"referenced_works_count":35,"referenced_works":["https://openalex.org/W124349154","https://openalex.org/W1553284626","https://openalex.org/W1846192801","https://openalex.org/W2002356434","https://openalex.org/W2079484041","https://openalex.org/W2096134561","https://openalex.org/W2162739315","https://openalex.org/W2782969241","https://openalex.org/W2885424819","https://openalex.org/W2888379309","https://openalex.org/W2904829671","https://openalex.org/W2943372105","https://openalex.org/W2952028598","https://openalex.org/W2980596464","https://openalex.org/W2982412981","https://openalex.org/W2985017119","https://openalex.org/W3000402385","https://openalex.org/W3014301536","https://openalex.org/W3020045301","https://openalex.org/W3084222938","https://openalex.org/W3098037330","https://openalex.org/W3104759514","https://openalex.org/W3109049172","https://openalex.org/W3121814840","https://openalex.org/W3176765324","https://openalex.org/W4205862834","https://openalex.org/W4210255936","https://openalex.org/W4214516269","https://openalex.org/W4221141539","https://openalex.org/W4236250034","https://openalex.org/W4293197180","https://openalex.org/W4312649381","https://openalex.org/W4319430934","https://openalex.org/W4384345657","https://openalex.org/W6676013096"],"related_works":["https://openalex.org/W2806063704","https://openalex.org/W2889844859","https://openalex.org/W2530870121","https://openalex.org/W3175617745","https://openalex.org/W2912268755","https://openalex.org/W2992877076","https://openalex.org/W797518012","https://openalex.org/W2734763330","https://openalex.org/W2961659353","https://openalex.org/W4384822944"],"abstract_inverted_index":{"Abstract":[0],"Cybersecurity":[1],"is":[2,14,86,143],"becoming":[3],"increasingly":[4],"important":[5],"from":[6],"a":[7,22,56,68],"software":[8,12,37,57,60,69,79],"business":[9],"perspective.":[10],"The":[11,81,117],"that":[13,32,42,128,140],"produced":[15],"and":[16,28,59,115,139],"sold":[17],"generally":[18],"becomes":[19],"part":[20],"of":[21,25,49,67,78,106],"complex":[23],"landscape":[24],"customer":[26,33],"applications":[27],"enlarges":[29],"the":[30,46,50,65,90,104,107,129,141],"risk":[31],"organizations":[34,39,137],"take.":[35],"Increasingly,":[36],"producing":[38],"are":[40,44,72],"realizing":[41],"they":[43],"on":[45,103,112],"front":[47],"lines":[48],"cybersecurity":[51],"battles.":[52],"Maintaining":[53],"security":[54,77,83,109],"in":[55,89],"product":[58,82,108],"production":[61],"process":[62],"directly":[63],"influences":[64],"livelihood":[66],"business.":[70],"There":[71],"many":[73],"models":[74],"for":[75],"evaluating":[76],"products.":[80],"maturity":[84,110],"model":[85,111,142],"commonly":[87],"used":[88],"industry":[91],"but":[92],"has":[93,119],"not":[94,144],"received":[95],"academic":[96],"recognition.":[97],"In":[98],"this":[99],"paper":[100],"we":[101],"report":[102],"evaluation":[105,118],"usefulness,":[113],"applicability,":[114],"effectiveness.":[116],"been":[120],"performed":[121],"through":[122],"15":[123],"case":[124],"studies.":[125],"We":[126],"find":[127],"model,":[130],"though":[131],"rudimentary,":[132],"serves":[133],"medium":[134],"to":[135],"large":[136],"well":[138],"so":[145],"applicable":[146],"within":[147],"smaller":[148],"organizations.":[149]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}