{"id":"https://openalex.org/W7118481572","doi":"https://doi.org/10.1186/s42400-025-00543-6","title":"Software vulnerability management in IoT systems: a systematic mapping study","display_name":"Software vulnerability management in IoT systems: a systematic mapping study","publication_year":2026,"publication_date":"2026-01-07","ids":{"openalex":"https://openalex.org/W7118481572","doi":"https://doi.org/10.1186/s42400-025-00543-6"},"language":"en","primary_location":{"id":"doi:10.1186/s42400-025-00543-6","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00543-6","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00543-6.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00543-6.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052469382","display_name":"Fariha Tasmin Jaigirdar","orcid":"https://orcid.org/0000-0003-1119-6056"},"institutions":[{"id":"https://openalex.org/I149704539","display_name":"Deakin University","ror":"https://ror.org/02czsnj07","country_code":"AU","type":"education","lineage":["https://openalex.org/I149704539"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Fariha Tasmin Jaigirdar","raw_affiliation_strings":["School of Information Technology, Deakin University, Melbourne, Victoria, Australia"],"affiliations":[{"raw_affiliation_string":"School of Information Technology, Deakin University, Melbourne, Victoria, Australia","institution_ids":["https://openalex.org/I149704539"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121988347","display_name":"Asangi Jayatilaka","orcid":null},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]},{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Asangi Jayatilaka","raw_affiliation_strings":["Centre for Research on Engineering Software Technologies (CREST), The University of Adelaide, Adelaide, Australia","School of Computing Technologies, RMIT, Melbourne, Australia"],"affiliations":[{"raw_affiliation_string":"Centre for Research on Engineering Software Technologies (CREST), The University of Adelaide, Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]},{"raw_affiliation_string":"School of Computing Technologies, RMIT, Melbourne, Australia","institution_ids":["https://openalex.org/I82951845"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5122002856","display_name":"M. Ali Babar","orcid":null},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"The University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"M. Ali Babar","raw_affiliation_strings":["Centre for Research on Engineering Software Technologies (CREST), The University of Adelaide, Adelaide, Australia"],"affiliations":[{"raw_affiliation_string":"Centre for Research on Engineering Software Technologies (CREST), The University of Adelaide, Adelaide, Australia","institution_ids":["https://openalex.org/I5681781"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5052469382"],"corresponding_institution_ids":["https://openalex.org/I149704539"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.02102503,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"9","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.3231000006198883,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.3231000006198883,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.1687999963760376,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.09830000251531601,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6714000105857849},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.6564000248908997},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5444999933242798},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5324000120162964},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.5185999870300293},{"id":"https://openalex.org/keywords/sophistication","display_name":"Sophistication","score":0.4828999936580658},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4178999960422516}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6714000105857849},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.6564000248908997},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6517000198364258},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6049000024795532},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5444999933242798},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5324000120162964},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.5185999870300293},{"id":"https://openalex.org/C168725872","wikidata":"https://www.wikidata.org/wiki/Q991663","display_name":"Sophistication","level":2,"score":0.4828999936580658},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.4230000078678131},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4178999960422516},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3747999966144562},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.3549000024795532},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.34200000762939453},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.30959999561309814},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2847999930381775},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2802000045776367},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.2799000144004822},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.2777000069618225},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.26080000400543213},{"id":"https://openalex.org/C71008984","wikidata":"https://www.wikidata.org/wiki/Q2890076","display_name":"Rigour","level":2,"score":0.25189998745918274}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1186/s42400-025-00543-6","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00543-6","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00543-6.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:1674a90d337f442aae3edadb0fc0e3b8","is_oa":true,"landing_page_url":"https://doaj.org/article/1674a90d337f442aae3edadb0fc0e3b8","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecurity, Vol 9, Iss 1, Pp 1-26 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1186/s42400-025-00543-6","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00543-6","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00543-6.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320315885","display_name":"Australian Government","ror":"https://ror.org/0314h5y94"},{"id":"https://openalex.org/F4320320970","display_name":"Deakin University","ror":"https://ror.org/02czsnj07"},{"id":"https://openalex.org/F4320320978","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W7118481572.pdf"},"referenced_works_count":50,"referenced_works":["https://openalex.org/W4214443","https://openalex.org/W2090526358","https://openalex.org/W2106956101","https://openalex.org/W2142168034","https://openalex.org/W2346707096","https://openalex.org/W2508317201","https://openalex.org/W2765188650","https://openalex.org/W2769593477","https://openalex.org/W2868191876","https://openalex.org/W2891512841","https://openalex.org/W2910222590","https://openalex.org/W2924853426","https://openalex.org/W2943546107","https://openalex.org/W2968774960","https://openalex.org/W2969468102","https://openalex.org/W2970842182","https://openalex.org/W2977197541","https://openalex.org/W3014765529","https://openalex.org/W3023398824","https://openalex.org/W3037923113","https://openalex.org/W3040521429","https://openalex.org/W3043970365","https://openalex.org/W3085712007","https://openalex.org/W3087386645","https://openalex.org/W3109519143","https://openalex.org/W3124632720","https://openalex.org/W3156373599","https://openalex.org/W3157132382","https://openalex.org/W3160737512","https://openalex.org/W3162169306","https://openalex.org/W3184339106","https://openalex.org/W3193339215","https://openalex.org/W3213070675","https://openalex.org/W3214913126","https://openalex.org/W4205168310","https://openalex.org/W4205349781","https://openalex.org/W4210632322","https://openalex.org/W4220995786","https://openalex.org/W4285051903","https://openalex.org/W4285296041","https://openalex.org/W4285728247","https://openalex.org/W4308306418","https://openalex.org/W4311277365","https://openalex.org/W4312516075","https://openalex.org/W4378715571","https://openalex.org/W4384345694","https://openalex.org/W4388440664","https://openalex.org/W4402526339","https://openalex.org/W4412918368","https://openalex.org/W7083033267"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"The":[1,50,233],"Internet":[2],"of":[3,41,52,132,135,144,167,188,213,221,242,261,287],"Things":[4],"(IoT)":[5],"has":[6,29,58,238],"rapidly":[7],"emerged":[8],"as":[9],"a":[10,33,60,73,141,148,218,285],"ubiquitous":[11],"and":[12,23,39,43,48,102,108,129,165,183,268],"pervasive":[13],"paradigm":[14],"in":[15,36,70,85,94,112,114,137,175,203,280],"software":[16,54,68,226,234],"development,":[17],"significantly":[18],"impacting":[19],"both":[20],"social":[21],"life":[22],"business":[24],"environments.":[25],"However,":[26],"this":[27,122,176,281],"growth":[28],"also":[30,247],"led":[31],"to":[32,55,120,159,199,252],"corresponding":[34],"increase":[35,84],"the":[37,64,82,104,133,162,172,180,186,189,214,225,239,273,277],"number":[38,220],"sophistication":[40],"threats":[42],"attacks":[44],"targeting":[45],"IoT":[46,53,71,95,115,138,204],"devices":[47],"services.":[49],"vulnerability":[51,205,227,235],"security":[56],"breaches":[57],"become":[59],"significant":[61],"concern":[62],"for":[63,224],"research":[65,289],"community.":[66],"Managing":[67],"vulnerabilities":[69],"is":[72],"hugely":[74],"challenging":[75],"process":[76],"involving":[77],"several":[78],"socio-technical":[79,105,142,173,201],"decisions.":[80],"Despite":[81],"rapid":[83],"primary":[86],"studies":[87,99,111,158],"focusing":[88],"on":[89,154,272],"Software":[90],"Vulnerability":[91],"Management":[92],"(SVM)":[93],"systems,":[96],"no":[97],"secondary":[98],"specifically":[100],"identify":[101,171],"analyse":[103],"challenges,":[106],"solutions,":[107,215],"state-of-the-art":[109],"evaluation":[110,256],"SVM":[113,136],"systems.":[116],"This":[117,245],"paper":[118],"aims":[119],"address":[121],"gap":[123],"by":[124],"systematically":[125],"identifying,":[126],"classifying,":[127],"comparing,":[128],"evaluating":[130],"state":[131],"art":[134],"systems":[139],"from":[140],"point":[143,198],"view.":[145],"We":[146],"conducted":[147],"systematic":[149],"mapping":[150],"study":[151],"(SMS)":[152],"based":[153],"73":[155],"qualitatively":[156],"selected":[157],"i)":[160],"classify":[161,179],"types,":[163],"frequency,":[164],"demography":[166],"published":[168],"research;":[169],"ii)":[170],"challenges":[174,202],"regard;":[177],"iii)":[178],"reported":[181],"solutions;":[182],"iv)":[184],"understand":[185],"rigour":[187],"evaluation,":[190],"including":[191],"real-world":[192],"application.":[193],"In":[194,211],"summary,":[195],"our":[196],"results":[197],"32":[200],"management,":[206],"where":[207],"most":[208],"are":[209],"practice-related.":[210],"terms":[212],"we":[216,283],"found":[217],"maximum":[219],"solutions":[222,243],"proposed":[223],"identification":[228],"stage,":[229],"with":[230,265],"22":[231],"frameworks.":[232],"disclosure":[236],"stage":[237],"least":[240],"amount":[241],"reported.":[244],"SMS":[246],"reveals":[248],"that":[249,275],"there":[250],"needs":[251],"be":[253],"more":[254,258],"rigorous":[255],"using":[257],"mature":[259],"forms":[260],"evaluations":[262],"like":[263],"simulation":[264],"real":[266],"data":[267],"case":[269],"studies.":[270],"Based":[271],"findings":[274],"highlight":[276],"important":[278],"concerns":[279],"domain,":[282],"recommend":[284],"list":[286],"future":[288],"directions.":[290]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-01-08T00:00:00"}