{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T12:40:38Z","timestamp":1763037638319,"version":"3.28.0"},"reference-count":61,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,5,25]]},"DOI":"10.23919\/cycon51939.2021.9467805","type":"proceedings-article","created":{"date-parts":[[2021,7,5]],"date-time":"2021-07-05T20:27:07Z","timestamp":1625516827000},"page":"25-42","source":"Crossref","is-referenced-by-count":2,"title":["Impact of Good Corporate Practices for Security of Digital Products on Global Cyber Stability"],"prefix":"10.23919","author":[{"given":"Vladimir","family":"Radunovic","sequence":"first","affiliation":[]},{"given":"Jonas","family":"Gratz-Hoffmann","sequence":"additional","affiliation":[]},{"given":"Marilia","family":"Maciel","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"crossref","first-page":"346","DOI":"10.1080\/23738871.2019.1671471","article-title":"Insecure at any bit rate: why Ralph Nader is the true OG of the software design industry","volume":"4","author":"paul","year":"2019","journal-title":"Journal of Cyber Policy"},{"key":"ref38","first-page":"109","article-title":"Hidden Engines of Destruction: The Reasonable Expectation of Code Safety and the Duty to Warn in Digital Products","volume":"62","author":"matwyshyn","year":"2010","journal-title":"Florida Law Review"},{"key":"ref33","article-title":"Opening Speech by Mr S Iswaran, Minister for Communications and Information, Minister-in-Charge of Cybersecurity","author":"iswaran","year":"2020","journal-title":"at the ASEAN Ministerial Conference on Cybersecurity 2020"},{"journal-title":"International Organization for Standardization [ISO]","year":"2014","key":"ref32"},{"journal-title":"Principles and Practices for Medical Device Cybersecurity","year":"2020","key":"ref31"},{"journal-title":"IEC 62443-4-2 2019","year":"2019","key":"ref30"},{"key":"ref37","first-page":"677","article-title":"Why Good Developers Write Bad Code: An Observational Case Study of the Impacts of Organizational Factors on Software Quality","volume":"1","author":"mathieu","year":"2015","journal-title":"2015 IEEE\/ACM 37th IEEE International Conference on Software Engineering"},{"journal-title":"Ripple20 CVE-2020–11896 RCECVE-2020-11898 Info Leak","year":"2020","author":"moshe","key":"ref36"},{"key":"ref35","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1109\/MIC.2019.2926847","article-title":"Cyber Peace and Cyber Stability: Taking the Norm Road to Stability","volume":"23","author":"alexander","year":"2019","journal-title":"IEEE Internet Computing"},{"key":"ref34","first-page":"217","article-title":"Multistakeholder Participation in Cyberspace","volume":"26","author":"christine","year":"2016","journal-title":"Swiss Review of International and European Law"},{"key":"ref60","first-page":"73","article-title":"Defining Offensive Cyber Capabilities","author":"thomas","year":"2018","journal-title":"Briefing and Memos from the Research Advisory Group The Hague Centre for Strategic Studies GCSC Issue Brief 2 (Memo 3)"},{"journal-title":"Statement from the White House Press Secretary","year":"2018","key":"ref61"},{"key":"ref28","first-page":"80","article-title":"Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains","volume":"1","author":"hutchins","year":"2011","journal-title":"Leading Issues in Information Warfare & Security Research"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1080\/23738871.2018.1467942"},{"journal-title":"Internet of Things (IoT)Cyber Security Guide","year":"2020","key":"ref29"},{"key":"ref2","first-page":"358","article-title":"Why Information Security Is Hard - an Economic Perspective","author":"ross","year":"2001","journal-title":"Seventeenth Annual Computer Security Applications Conference"},{"key":"ref1","doi-asserted-by":"crossref","first-page":"639","DOI":"10.1016\/j.jclepro.2016.04.121","article-title":"Corporate Motives for Multi-Stakeholder Collaboration - Corporate Social Responsibility in the Electronics Supply Chains","volume":"131","author":"peppi-emilia","year":"2016","journal-title":"Journal of Cleaner Production"},{"journal-title":"Advancing Cyberstability Final Report","year":"2019","key":"ref20"},{"key":"ref22","article-title":"Proliferation of Cyber Norms: the Limitations of Traditional Diplomacy in Discussing Cyberconflict","author":"stefania pia","year":"2020","journal-title":"Conference paper for the 15th Annual GigaNet Symposium"},{"journal-title":"The untold story of notpetya the most devastating cyberattack in history","year":"2018","author":"andy","key":"ref21"},{"key":"ref24","article-title":"Stewardship of Cyberspace: Duties for Internet Service Providers","author":"hathaway","year":"2012","journal-title":"Canada Centre for Global Security Studies Munk School of Global Affairs University of Toronto"},{"journal-title":"Report of the Group of Governmental Experts on developments in the field of information and telecommunications in the context of international security","year":"2015","key":"ref23"},{"key":"ref26","article-title":"The CERT Guide to Coordinated Vulnerability Disclosure","author":"householder","year":"2017","journal-title":"CMU\/SEI-2017-SR-022 Software Engineering Institute Carnegie Mellon University"},{"key":"ref25","volume":"219","author":"melissa","year":"2019","journal-title":"Patching Our Digital Future Is Unsustainable and Dangerous"},{"key":"ref50","article-title":"Baseline Study","author":"irina","year":"2019","journal-title":"Geneva Dialogue on Responsible Behaviour in Cyberspace Geneva Switzerland DiploFoundation"},{"key":"ref51","article-title":"Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems","author":"ron","year":"2016","journal-title":"National Institute of Standards and Technology NIST SP 800–82r2"},{"journal-title":"Group of Governmental Experts","year":"0","key":"ref59"},{"journal-title":"Open-ended working group on developments in the field of information and telecommunications in the context of international security Final Substantive Report","year":"0","key":"ref58"},{"journal-title":"Developments in the field of information and telecommunications in the context of international security","year":"0","key":"ref57"},{"journal-title":"Russian Military “Almost Certainly” Responsible for Destructive 2017 Cyber Attack","year":"2018","key":"ref56"},{"journal-title":"UK Telecoms Supply Chain Review Report’ UK Government Department for Digital Culture Media & Sport","year":"2019","key":"ref55"},{"journal-title":"Current Report United States Securities and Exchange Commission","year":"2020","key":"ref54"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/ICSAW.2017.25"},{"journal-title":"Amnesia 33’ Forescout","year":"2020","author":"daniel dos","key":"ref52"},{"journal-title":"Cybersecurity Labelling Scheme","year":"2020","key":"ref10"},{"journal-title":"Alert (AA20–352A) Advanced Persistent Threat Compromise of Government Agencies Critica l Infrastructure and Private Sector Organizations","year":"2020","key":"ref11"},{"journal-title":"How COVID-19 Has Pushed Companies over the Technology Tipping Point-and Transformed Business Forever","year":"2020","key":"ref40"},{"key":"ref12","article-title":"Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)","author":"donna","year":"2020","journal-title":"National Institute of Standards and Technology"},{"key":"ref13","article-title":"Secure Design Patterns","author":"dougherty","year":"2018","journal-title":"Software Engineering Institute"},{"key":"ref14","article-title":"Geneva Dialogue on Responsible Behaviour in Cyberspace: Private Sector (Framework Document)","author":"jaqueline","year":"2018","journal-title":"Geneva Dialogue on Responsible Behaviour in Cyberspace Zurich Switzerland ETH Zurich"},{"journal-title":"ETSI Releases World-Leading Consumer IoT Security Standard","year":"2020","key":"ref15"},{"journal-title":"Regulation (EU) 2019\/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526\/2013 (Cybersecurity Act)","first-page":"15","year":"2019","key":"ref16"},{"journal-title":"EUCS - Cloud Services Scheme","year":"2020","key":"ref17"},{"key":"ref18","doi-asserted-by":"crossref","first-page":"380","DOI":"10.1080\/23738871.2019.1696852","article-title":"The state of Microsoft?: the role of corporations in international norm creation","volume":"4","author":"nancy","year":"2019","journal-title":"Journal of Cyber Policy"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1017\/S0002930000016894","article-title":"Constructing Norms for Global Cybersecurity","volume":"110","author":"martha","year":"2016","journal-title":"The American Journal of International Law"},{"key":"ref4","article-title":"Software Trustworthiness Best Practices","author":"marcellus","year":"2020","journal-title":"An Industrial Internet Consortium White Paper Industrial Internet Consortium"},{"key":"ref3","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1016\/j.jss.2016.07.027","article-title":"Software Component Decision-Making: In-House, OSS, COTS or Outsourcing -A Systematic Literature Review","volume":"121","author":"deepika","year":"2016","journal-title":"Journal of Systems and Software"},{"journal-title":"Common Risk-Based Approach for the Digital Supply Chain","year":"2020","key":"ref6"},{"journal-title":"Charter of Trust Our 10 Principles","year":"2018","key":"ref5"},{"journal-title":"What Is Threat Modeling","year":"0","key":"ref8"},{"journal-title":"Achieving Security by Default for Products Functionalities and Technologies - Baseline Requirements","year":"2020","key":"ref7"},{"key":"ref49","article-title":"Security of Digital Products and Services: Reducing Vulnerabilities and Secure Design (Industry Good Practices)","author":"vladimir","year":"2020","journal-title":"Geneva Dialogue on Responsible Behaviour in Cyberspace Geneva Switzerland DiploFoundation"},{"journal-title":"SUNSPOT Malware A Technical Analysis","year":"2021","key":"ref9"},{"journal-title":"Understanding the digital security of products An in-depth analysis","article-title":"Organisation for Economic Co-operation and Development [OECD]","year":"2021","key":"ref46"},{"journal-title":"E-Commerce in the Time of COVID-19","year":"2020","key":"ref45"},{"key":"ref48","first-page":"1","article-title":"Introduction","author":"janhendrik","year":"2012","journal-title":"Agency Without Actors? New Approaches to Collective Action"},{"journal-title":"Paris Call for Trust and Security in Cyberspace [Paris Call]","year":"2018","key":"ref47"},{"journal-title":"ATT&CK MITRE","year":"0","key":"ref42"},{"journal-title":"Microsoft Security Development Lifecycle Threat Modelling","year":"0","key":"ref41"},{"journal-title":"EU Coordinated Risk Assessment of the Cybersecurity of 5G Networks","year":"2019","key":"ref44"},{"key":"ref43","first-page":"91","author":"dragan","year":"2018","journal-title":"Defining Offensive Cyber Capabilities"}],"event":{"name":"2021 13th International Conference on Cyber Conflict (CyCon)","start":{"date-parts":[[2021,5,25]]},"location":"Tallinn, Estonia","end":{"date-parts":[[2021,5,28]]}},"container-title":["2021 13th International Conference on Cyber Conflict (CyCon)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9467797\/9467799\/09467805.pdf?arnumber=9467805","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,9]],"date-time":"2021-08-09T22:11:49Z","timestamp":1628547109000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9467805\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,25]]},"references-count":61,"URL":"https:\/\/doi.org\/10.23919\/cycon51939.2021.9467805","relation":{},"subject":[],"published":{"date-parts":[[2021,5,25]]}}}