{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T05:54:07Z","timestamp":1763445247853,"version":"3.40.3"},"publisher-location":"Cham","reference-count":50,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319584591"},{"type":"electronic","value":"9783319584607"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-58460-7_29","type":"book-chapter","created":{"date-parts":[[2017,5,12]],"date-time":"2017-05-12T11:08:42Z","timestamp":1494587322000},"page":"414-431","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["A Case Study: Heartbleed Vulnerability Management and Swedish Municipalities"],"prefix":"10.1007","author":[{"given":"Shao-Fang","family":"Wen","sequence":"first","affiliation":[]},{"given":"Stewart","family":"Kowalski","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,13]]},"reference":[{"key":"29_CR1","unstructured":"Al Sabbagh, B., Kowalski, S.: A socio-technical framework for threat modeling a software supply chain. In: The 2013 Dewald Roode Workshop on Information Systems Security Research, 4\u20135 October 2013, Niagara Falls, New York, USA. International Federation for Information Processing (2013)"},{"key":"29_CR2","unstructured":"Alsabbagh, B., Kowalski, S.: A cultural adaption model for global cyber security warning systems. In: 5th International Conference on Communications, Networking and Information Technology Dubai, UAE (2011)"},{"key":"29_CR3","volume-title":"\u00d6ppen k\u00e4llkod inom kommuner-Analys av risker och m\u00f6jligheter. Bachelor","author":"C Andersson","year":"2014","unstructured":"Andersson, C.: \u00d6ppen k\u00e4llkod inom kommuner-Analys av risker och m\u00f6jligheter. Bachelor. Sk\u00f6vde H\u00f6gskola, Sweden (2014)"},{"key":"29_CR4","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-662-43745-2_8","volume-title":"Enterprise, Business-Process and Information Systems Modeling","author":"I Bider","year":"2014","unstructured":"Bider, I., Kowalski, S.: A framework for synchronizing human behavior, processes and support systems using a socio-technical approach. In: Bider, I., Gaaloul, K., Krogstie, J., Nurcan, S., Proper, H.A., Schmidt, R., Soffer, P. (eds.) BPMDS\/EMMSAD-2014. LNBIP, vol. 175, pp. 109\u2013123. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-43745-2_8"},{"key":"29_CR5","volume-title":"Business Research Methods","author":"A Bryman","year":"2015","unstructured":"Bryman, A., Bell, E.: Business Research Methods. Oxford University Press, New York (2015)"},{"key":"29_CR6","unstructured":"CERT-SE: BM14-001 - Allvarlig s\u00e5rbarhet i bash. Blixtmeddelande. 25 September 2014. https:\/\/www.cert.se\/2014\/09\/bm14-001-allvarlig-sarbarhet-i-bash"},{"key":"29_CR7","unstructured":"CERT-SE: CERT-SE\u2019s newsletter v. 17. CERT-SE, 25 April 2014. https:\/\/www.cert.se\/2014\/04\/cert-se-s-veckobrev-v-17"},{"key":"29_CR8","unstructured":"Datatracker: TLS and DTLS Heartbeat Extension. Datatracker, February 2012. https:\/\/datatracker.ietf.org\/doc\/rfc6520\/"},{"key":"29_CR9","volume-title":"The Good Research Guide for Small-Scale Research Project","author":"M Denscombe","year":"2010","unstructured":"Denscombe, M.: The Good Research Guide for Small-Scale Research Project, 4th edn. Open University Press, Maidenhead (2010)","edition":"4"},{"key":"29_CR10","unstructured":"Dickson, \u00c5.: Buggen visar allt du vill skydda utan att det m\u00e4rks. SVT, 10 April 2014. http:\/\/www.svt.se\/nyheter\/buggen-visar-allt-du-vill-skydda-utan-att-det-marks"},{"key":"29_CR11","unstructured":"Drevfj\u00e4ll, L.: Information fr\u00e5n din e-port kan l\u00e4cka ut. Expressen, 8 April 2014. http:\/\/www.expressen.se\/nyheter\/information-fran-din-e-post-kan-lacka-ut\/"},{"key":"29_CR12","doi-asserted-by":"crossref","unstructured":"Durumeric, Z., Kasten, J., Adrian, D., Halderman, J.A., Bailey, M., Li, F., Weaver, N., Amann, J., Beekman, J., Payer, M.: The matter of Heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference. ACM (2014)","DOI":"10.1145\/2663716.2663755"},{"key":"29_CR13","unstructured":"Eriksson, G.: N\u00e4tets \u201cst\u00f6rsta s\u00e4kerhetsl\u00e4cka n\u00e5gonsin\u201d uppt\u00e4ckt. Metro, 8 April 2014. http:\/\/www.metro.se\/teknik\/natets-storsta-sakerhetslacka-nagonsin-upptackt\/EVHndh!Wcv38F6U6n8Es\/"},{"key":"29_CR14","unstructured":"Github: OpenSSL heartbeat PoC. gist.github.com (2014). https:\/\/gist.github.com\/takeshixx\/10107280"},{"key":"29_CR15","unstructured":"Graziano, J.: Spam Campaign Spreading Malware Disguised as HeartBleed Bug Virus Removal Tool. Symantec Official Blog, 27 May 2014. http:\/\/www.symantec.com\/connect\/blogs\/spam-campaign-spreading-malware-disguised-heartbleed-bug-virus-removal-tool"},{"key":"29_CR16","unstructured":"Grubb, B.: Heartbleed disclosure timeline: who knew what and when. Sydney Morning Herald, 15 April 2014. http:\/\/www.smh.com.au\/it-pro\/security-it\/heartbleed-disclosure-timeline-who-knew-what-and-when-20140414-zqurk.html"},{"key":"29_CR17","unstructured":"Heartbleed: The Heartbleed bug (2014). http:\/\/heartbleed.com\/"},{"key":"29_CR18","unstructured":"Jackson, W.: Sonatype Open Source Development and Application Security Survey. Electronic document (2014). http:\/\/img.en25.com\/Web\/SonatypeInc\/%7B138a2551-edac-46a3-bfcb-240352a42fed%7D_2014SurveyResults_july-14-14.pdf"},{"key":"29_CR19","doi-asserted-by":"crossref","unstructured":"Karokola, G., Kowalski, S., Yngstrom, L.: Secure e-government services: towards a framework for integrating it security services into e-government maturity models. In: Information Security South Africa (ISSA). IEEE (2011)","DOI":"10.1109\/ISSA.2011.6027525"},{"key":"29_CR20","unstructured":"Karokola, G., Kowalski, S., Yngstr\u00f6m, L.: Towards an information security maturity model for secure e-government services: a stakeholders view. In: HAISA (2011)"},{"key":"29_CR21","unstructured":"Karokola, G.R., Kowalski, S., Mwakalinga, G.J., Rukiza, V.: Secure e-government adoption: a case study of Tanzania. In: European Security Conference (2011)"},{"key":"29_CR22","unstructured":"Kihlstr\u00f6m, S.: Bugg \u00f6ppnade h\u00e5l i Krypteringsprogram. Dagens Nyheter, 8 April 2014. http:\/\/www.dn.se\/ekonomi\/bugg-oppnade-hal-i-krypteringsprogram\/"},{"key":"29_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-319-26287-1_3","volume-title":"Hardware and Software: Verification and Testing","author":"B Kiss","year":"2015","unstructured":"Kiss, B., Kosmatov, N., Pariente, D., Puccetti, A.: Combining static and dynamic analyses for vulnerability detection: illustration on heartbleed. In: Piterman, N. (ed.) HVC 2015. LNCS, vol. 9434, pp. 39\u201350. Springer, Cham (2015). doi:10.1007\/978-3-319-26287-1_3"},{"key":"29_CR24","unstructured":"Kowalski, S.: IT insecurity: a multi-discipline inquiry. Ph.D. thesis, Department of Computer and System Sciences, University of Stockholm and Royal Institute of Technology, Sweden (1994). ISBN: 91-7153-207-2"},{"key":"29_CR25","unstructured":"Kupsch, J.A., Miller, B.P.: Why do software assurance tools have problems finding bugs like heartbleed? Continuous Software Assurance Marketplace, 22 April 2014"},{"key":"29_CR26","unstructured":"Langley, A.: Time to update all OpenSSL 1.0.1 to 1.0.1g to fix CVE-2014-0160. Twitter, 7 April 2014. https:\/\/twitter.com\/agl__\/status\/453235260520542208"},{"key":"29_CR27","doi-asserted-by":"crossref","unstructured":"Lee, C., Yi, L., Tan, L.-H., Goh, W., Lee, B.-S., Yeo, C.-K.: A wavelet entropy-based change point detection on network traffic: a case study of heartbleed vulnerability. In: 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom). IEEE (2014)","DOI":"10.1109\/CloudCom.2014.78"},{"issue":"6","key":"29_CR28","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1111\/j.1365-2575.2010.00348.x","volume":"20","author":"B Lundell","year":"2010","unstructured":"Lundell, B., Lings, B., Lindqvist, E.: Open source in Swedish companies: where are we? Inf. Syst. J. 20(6), 519\u2013535 (2010)","journal-title":"Inf. Syst. J."},{"key":"29_CR29","unstructured":"Lyne, J.: Heartbleed Roundup: Hacking Made Easy, First Victims Come to Light and Heartbleed Hacker Arrested. forbes.com, 17 April 2014. http:\/\/www.forbes.com\/sites\/jameslyne\/2014\/04\/17\/heartbleed-roundup-hacking-made-easy-first-victims-come-to-light-and-heartbleed-hacker-arrested\/#3f8fe3e01fe6"},{"key":"29_CR30","volume-title":"Social Research","author":"T May","year":"2011","unstructured":"May, T.: Social Research. Open University Press, Buckingham (2011)"},{"key":"29_CR31","unstructured":"MSB: Att l\u00e4ra stort fr\u00e5n sm\u00e5 incidenter, July 2012. https:\/\/www.msb.se\/RibData\/Filer\/pdf\/26272.pdf"},{"key":"29_CR32","volume-title":"Qualitative Research in Business and Management","author":"MD Myers","year":"2013","unstructured":"Myers, M.D.: Qualitative Research in Business and Management. SAGE, Thousand Oaks (2013)"},{"key":"29_CR33","unstructured":"NIST: Vulnerability Summary for CVE-2014-0160. NVD, 7 April 2014. https:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-0160"},{"key":"29_CR34","unstructured":"O\u2019Reilly, T.: Ten Myths About Open Source Software (1999). http:\/\/archive.oreilly.com\/lpt\/a\/2019"},{"key":"29_CR35","unstructured":"Persson, I.: Skatteuppgifter stulna i Kanada efter Heartbleed. Omni, 15 April 2014. http:\/\/www.aftonbladet.se\/nyheter\/article18688985.ab"},{"key":"29_CR36","unstructured":"Project, O.: OpenSSL Security Advisory. Mail-Archive, 7 April 2014. http:\/\/www.mail-archive.com\/openssl-users@openssl.org\/msg73408.html"},{"key":"29_CR37","unstructured":"Project, O.: OpenSSL Version 1.0.1g Released. Mail-Archive, 7 April 2014. http:\/\/www.mail-archive.com\/openssl-users@openssl.org\/msg73407.html"},{"key":"29_CR38","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-319-17837-0_10","volume-title":"Open Source Systems: Adoption and Impact","author":"L Ramanathan","year":"2015","unstructured":"Ramanathan, L., Iyer, S.K.: A qualitative study on the adoption of open source software in information technology outsourcing organizations. In: Damiani, E., Frati, F., Riehle, D., Wasserman, Anthony I. (eds.) OSS 2015. IAICT, vol. 451, pp. 103\u2013113. Springer, Cham (2015). doi:10.1007\/978-3-319-17837-0_10"},{"key":"29_CR39","unstructured":"Regeringen: Fr\u00e5n IT-politik f\u00f6r samh\u00e4llet till politik f\u00f6r IT-samh\u00e4llet. Digital document (2004). http:\/\/www.regeringen.se\/rattsdokument\/proposition\/2005\/07\/prop.-200405175\/"},{"key":"29_CR40","unstructured":"Riksrevisionen: NIS-direktivet. NIS-direktivet (2013). http:\/\/www.riksdagen.se\/sv\/Dokument-Lagar\/EU\/Fakta-PM-om-EU-forslag\/NIS-direktivet_H006FPM68\/"},{"key":"29_CR41","unstructured":"Riksrevisionen: Riksrevisionens rapport om informationss\u00e4kerhet i den civila statsf\u00f6rvaltningen, March 2015. https:\/\/data.riksdagen.se\/fil\/BE7AD878-9C78-4756-95B0-F1617EAB2241"},{"key":"29_CR42","unstructured":"Sambrk: Municipalities for Joint Development of e-Services. http:\/\/www.sambruk.se\/ovrigt\/inenglish.4.72ebdc8412fd172bb7480001338.html"},{"key":"29_CR43","unstructured":"SKL: Kommuner och Landsting. http:\/\/skl.se\/tjanster\/kommunerlandsting.431.html"},{"key":"29_CR44","doi-asserted-by":"crossref","unstructured":"Torres, G., Liu, C.: Can data-only exploits be detected at runtime using hardware events? A case study of the Heartbleed vulnerability. In: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016. ACM (2016)","DOI":"10.1145\/2948618.2948620"},{"key":"29_CR45","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/978-3-319-17837-0_11","volume-title":"Open Source Systems: Adoption and Impact","author":"D Tosi","year":"2015","unstructured":"Tosi, D., Lavazza, L., Morasca, S., Chiappa, M.: Surveying the adoption of FLOSS by public administration local organizations. In: Damiani, E., Frati, F., Riehle, D., Wasserman, Anthony I. (eds.) OSS 2015. IAICT, vol. 451, pp. 114\u2013123. Springer, Cham (2015). doi:10.1007\/978-3-319-17837-0_11"},{"key":"29_CR46","unstructured":"Wikipedia: Heartbleed. CERT-SE, 25 April 2014. https:\/\/en.wikipedia.org\/wiki\/Heartbleed"},{"key":"29_CR47","unstructured":"Williams, C.: Anatomy of OpenSSL\u2019s Heartbleed: just four bytes trigger horror bug. TheRegister, 9 April 2014. http:\/\/www.theregister.co.uk\/2014\/04\/09\/heartbleed_explained\/"},{"key":"29_CR48","unstructured":"Winter, J.S.: Upphandlare missar inl\u00e5sningseffekter. Upphandling24, 18 June 2014. http:\/\/sverigesradio.se\/sida\/artikel.aspx?programid=83&artikel=5834048"},{"key":"29_CR49","unstructured":"Wu, H.: Heartbleed OpenSSL vulnerability: a Forensic Case Study at Medical School. NJMS Advancing Research IT, May 2014. http:\/\/research.njms.rutgers.edu\/m\/it\/Publications\/docs\/Heartbleed_OpenSSL_Vulnerability_a_Forensic_Case_Study_at_Medical_School.pdf"},{"key":"29_CR50","doi-asserted-by":"crossref","unstructured":"Zhang, L., Choffnes, D., Levin, D., Dumitras, T., Mislove, A., Schulman, A., Wilson, C.: Analysis of SSL certificate reissues and revocations in the wake of Heartbleed. In: Proceedings of the 2014 Conference on Internet Measurement Conference. ACM (2014)","DOI":"10.1145\/2663716.2663758"}],"container-title":["Lecture Notes in Computer Science","Human Aspects of Information Security, Privacy and Trust"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-58460-7_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,7,1]],"date-time":"2021-07-01T02:00:19Z","timestamp":1625104819000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-58460-7_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319584591","9783319584607"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-58460-7_29","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"13 May 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HAS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Human Aspects of Information Security, Privacy, and Trust","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vancouver, BC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"has2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}