When Your Thing Won’t Behave: Security Governance in the Internet of Things

[en] In the Internet of Things (IoT), interconnected smart things enable new products and services in cyber-physical systems. Yet, smart things not only inherit information technology (IT) security risks from their digital components, but they may also aggravate them through the use of technology platforms (TPs). In the context of the IoT, TPs describe a tangible (e.g., hardware) or intangible (e.g., software and standards) general-purpose technology that is shared between different models of smart things. While TPs are evolving rapidly owing to their functional and economic benefits, this is partly to the detriment of security, as several recent IoT security incidents demonstrate. We address this problem by formalizing the situation’s dynamics with an established risk quantification approach from platforms in the automotive industry, namely a Bernoulli mixture model. We outline and discuss the implications of relevant parameters for security risks of TP use in the IoT, i.e., correlation and heterogeneity, vulnerability probability and conformity costs, exploit probability and non-conformity costs, as well as TP connectivity. We argue that these parameters should be considered in IoT governance decisions and delineate prescriptive governance implications, identifying potential counter-measures at the individual, organizational, and regulatory levels.

Centre de recherche :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > FINATRAX - Digital Financial Services and Cross-organizational Digital Transformations
NCER-FT - FinTech National Centre of Excellence in Research

Disciplines :

Sciences informatiques
Gestion des systèmes d’information

Auteur, co-auteur :

BRENNECKE, Martin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX

FRIDGEN, Gilbert ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX

JÖHNK, Jan; University of Bayreuth > FIM Research Institute for Information Management

RADSZUWILL, Sven; University of Bayreuth > FIM Research Institute for Information Management

SCHÖNRICH-SEDLMEIR, Johannes ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > FINATRAX

Co-auteurs externes :

yes

Langue du document :

Anglais

Titre :

When Your Thing Won’t Behave: Security Governance in the Internet of Things

Date de publication/diffusion :

2025

Titre du périodique :

Information Systems Frontiers

ISSN :

1387-3326

eISSN :

1572-9419

Maison d'édition :

Springer, New-York, Etats-Unis - New York

Volume/Tome :

Pagination :

1471–1490

Peer reviewed :

Peer reviewed vérifié par ORBi

Focus Area :

Security, Reliability and Trust

Objectif de développement durable (ODD) :

9. Industrie, innovation et infrastructure
16. Paix, justice et institutions efficaces

URL complémentaire :

https://link.springer.com/article/10.1007/s10796-024-10511-z

Projet FnR :

FNR13342933 - Paypal-fnr Pearl Chair In Digital Financial Services, 2019 (01/01/2020-31/12/2024) - Gilbert Fridgen
FNR16326754 - Privacy-preserving Tokenisation Of Artworks, 2021 (01/06/2022-31/05/2025) - Gilbert Fridgen

Intitulé du projet de recherche :

R-AGR-3728 - PEARL/IS/13342933/DFS - FRIDGEN Gilbert
U-AGR-7110 - C21/IS/16326754/PABLO - FRIDGEN Gilbert

Organisme subsidiant :

FNR - Fonds National de la Recherche
FNR - Luxembourg National Research Fund
Banque et Caisse d’Épargne de l’État, Luxembourg (Spuerkeess)

N° du Fonds :

13342933; 16326754

Subventionnement (détails) :

This research was funded in part by the Luxembourg National Research Fund (FNR) and PayPal, PEARL grant reference 13342933/Gilbert Fridgen, as well as grant reference 16326754/PABLO. Supported by Banque et Caisse d’Épargne de l’État, Luxembourg (Spuerkeess). For the purpose of open access, and in fulfillment of the obligations arising from the grant agreement, the authors have applied a Creative Commons Attribution 4.0 International (CC BY 4.0) license to any Author Accepted Manuscript version arising from this submission. Open Access funding enabled and organized by Projekt DEAL.

Disponible sur ORBilu :

depuis le 22 août 2024

Statistiques

Nombre de vues

237 (dont 46 Unilu)

Nombre de téléchargements

73 (dont 14 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

OpenCitations

citations OpenAlex

Bibliographie

Aftergood, S. (2018). Governments want your smart devices to have stupid security flaws. Nature,560(7720), 550–551. https://doi.org/10.1038/d41586-018-06033-9
V.A. Almeida D. Doneda M. Monteiro Governance Challenges for the Internet of Things IEEE Internet Computing 19 4 56 59 10.1109/MIC.2015.86
S. Alter Making sense of smartness in the context of smart devices and smart systems Information Systems Frontiers 9 4 381 393 10.1007/s10796-019-09919-9
Arentz, S. (2005). Hacking Linux-powered devices. Retrieved March 25, 2024, from http://bofh.nikhef.nl/events/CCC/congress/21c3/papers/136%20Hacking%20Linux-Powered%20Devices.pdf
Arnold, L., Jöhnk, J., Vogt, F., & Urbach, N. (2022). IIoT platforms’ architectural features - a taxonomy and five prevalent archetypes. Electronic Markets,32(2), 927–944. https://doi.org/10.1007/s12525-021-00520-0
A. Arora R. Krishnan R. Telang Y. Yang An empirical analysis of software vendors’ patch release behavior: impact of vulnerability disclosure Information Systems Research 21 1 115 132 10.1287/isre.1080.0226
L. Atzori A. Iera G. Morabito The Internet of Things: A survey Computer Networks 54 15 2787 2805 10.1016/j.comnet.2010.05.010
Axelrod, C.W. (2015). Enforcing security, safety and privacy for the Internet of Things. In: Long Island Systems, Applications and Technology [SPACE] https://doi.org/10.1109/LISAT.2015.7160214
Baldwin, C.Y, & Woodard, C.J. (2008). The architecture of platforms: a unified view. Harvard Business School Finance Working Paper, (09-034) https://doi.org/10.2139/ssrn.1265155
K. Bandyopadhyay P.P. Mykytyn K. Mykytyn A framework for integrated risk management in information technology Management Decision 37 5 437 445 10.1108/00251749910274216
Bhat, M.I., & Giri, K.J. (2021). Impact of computational power on cryptography. In: K. J. Giri, S. A. Parah, R. Bashir, & K. Muhammad (Eds.), Multimedia security: Algorithm development, analysis and applications (pp. 45–88). https://doi.org/10.1007/978-981-15-8711-5_4
B. Biswas A. Mukhopadhyay S. Bhattacharjee A. Kumar D. Delen A text-mining based cyber-risk assessment and mitigation framework for critical analysis of online hacker forums Decision Support Systems 152 113651 10.1016/j.dss.2021.113651
B. Biswas A. Mukhopadhyay A. Kumar D. Delen A hybrid framework using explainable AI (XAI) in cyber-risk management for defence and recovery against phishing attacks Decision Support Systems. 177 114102 10.1016/j.dss.2023.114102
Bluhm, C, Overbeck, L, & Wagner, C. (2010). An introduction to credit risk modeling. Chapman
Borgia, E. (2014). The Internet of Things vision: Key features, applications and open issues. Computer Communications,54,. https://doi.org/10.1016/j.comcom.2014.09.008
A. Boulanger Open-source versus proprietary software: Is one more reliable and secure than the other? IBM Systems Journal 44 2 239 248 10.1147/sj.442.0239
C. Buck C. Olenberger A. Schweizer F. Völter T. Eymann Never trust, always verify: A multivocal literature review on current knowledge and research gaps of zero-trust Computers & Security 110 102436 10.1016/j.cose.2021.102436
S.V. Buldyrev R. Parshani G. Paul H.E. Stanley S. Havlin Catastrophic cascade of failures in interdependent networks Nature 464 1025 1028 10.1038/nature08932
BusyBox. (2022). The swiss army knife of embedded Linux: Products. Retrieved March 25, 2024, from https://www.busybox.net/about.html
H. Cavusoglu H. Cavusoglu J. Zhang Security patch management: Share the burden or share the damage? Management Science 54 4 657 670 10.1287/mnsc.1070.0794
CISA. (2021). Statement from CISA Director Easterly on Log4j Vulnerability. Retrieved March 25, 2024, from https://www.cisa.gov/news-events/news/statement-cisa-director-easterly-log4j-vulnerability
Chen, P.-Y., Kataria, G., & Krishnan, R. (2011). Correlated failures, diversification, and information security risk management. MIS Quarterly,35(2), 397–422. https://doi.org/10.2307/23044049
C. Colwill Human factors in information security: The insider threat- who can you trust these days? Information Security Technical Report 14 4 186 196 10.1016/j.istr.2010.04.004
COM/2022/454 final. (2022). Proposal for a Directive of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020 (Cyber Resilience Act). Retrieved March 25, 2024, from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52022PC0454
COM/2022/495 final. (2022). Proposal for a Directive of the European Parliament and of the Council on liability for defective products (New Product Liability Directive). Retrieved March 25, 2024, from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52022PC0495
Preliminary post incident review (pir): Content configuration update impacting the falcon sensor and the windows operating system (bsod). Retrieved July 24, 2024, from https://www.crowdstrike.com/falcon-contentupdate-remediation-and-guidance-hub/
CVE- 2016-2148. (2016) Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. Retrieved March 25, 2024, from https://www.cvedetails.com/cve/CVE-2016-2148/
CVE-2018-1000517. (2018). BusyBox project BusyBox wget version prior to commit 8e.. contains a buffer overflow vulnerability. Retrieved March 25, 2024, from https://www.cvedetails.com/cve/CVE-2018-1000517/
CVE-2022-48174. (2022). There is a stack overflow vulnerability in ash.c:6030 in BusyBox before 1.35. Retrieved March 25, 2024, from https://www.cvedetails.com/cve/CVE-2022-48174/
Cybersecurity & Infrastructure Security Agency. (2024). Industrial Control Systems. Retrieved March 25, 2024, from https://www.cisa.gov/topics/industrial-control-systems
Cybersecurityhelp. (2022). #U65004 OS command injection in BusyBox. Retrieved from https://www.cybersecurity-help.cz/vulnerabilities/65004/
Dailymail (2016). Cyber attacks cripple Twitter, Netflix, other websites. Retrieved March 25, 2024, from http://www.dailymail.co.uk/wires/afp/article-3859624/Twitter-Spotify-websites-shut-DDOS-attack.html
Dibia, V., & Wagner, C. (2015). Success within app distribution platforms: the contribution of app diversity and app cohesivity. (4304–4313) https://doi.org/10.1109/HICSS.2015.515
Directive (EU) 2022/2555. (2022). Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive). Retrieved March 25, 2024, from http://data.europa.eu/eli/dir/2022/2555/oj
Economides, N., & Katsamakas, E. (2006). Two-sided competition of proprietary vs. open source technology platforms and the implications for the software industry. Management Science, 52(7), 1057–1071 https://doi.org/10.1287/mnsc.1060.0549
Eden, P, Blyth, A, Jones, K, Soulsby, H, Burnap, P, Cherdantseva, Y, & Stoddart, K. (2017). SCADA System Forensic Analysis Within IIoT. In: Advanced Manufacturing, Cybersecurity for Industry 4.0: Analysis for Design and Manufacturing (pp. 73–101). Springer.+
Eltayeb, M.A. (2017). Internet of Things: Privacy and security implications. International Journal of Hyperconnectivity and the Internet of Things, 1(1), https://doi.org/10.4018/IJHIoT.2017010101
Faber, B., & Günther, O. (2007). Distributed ONS and its impact on privacy. IEEE International Conference on Communications, (1223–1228) https://doi.org/10.1109/ICC.2007.207
F.J. Fabozzi P.N. Kolm D.A. Pachamanova S.M. Focardi Robust portfolio optimization and management John Wiley
A.L.F. Facin L.A. de Vasconcelos Gomes M. de Mesquita Spinola M.S. Salerno The evolution of the platform concept: a systematic review IEEE Transactions on Engineering Management 63 4 475 488 10.1109/TEM.2016.2593604
Federal Trade Commission. (2017). FTC charges D-Link put consumers’ privacy at risk due to the inadequate security of its computer routers and cameras: Device-maker’s alleged failures to reasonably secure software created malware risks and other vulnerabilities. Retrieved March 25, 2024, from https://www.ftc.gov/news-events/news/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate-security-its-computer-routers-cameras
R.G. Fichman Real options and IT platform adoption: implications for theory and practice Information Systems Research 15 2 132 154 10.1287/isre.1040.0021
Financial Times (2024). Companies around the world hit by Microsoft outage. Retrieved July 19, 2024, from https://www.ft.com/content/fba9b61d-efcf-4348-b640-ccb1f9d18ced
M. Frank L. Jaeger L.M. Ranft Contextual drivers of employees’ phishing susceptibility: Insights from a field study Decision Support Systems 160 10.1016/j.dss.2022.113818 113818
A. Gawer Bridging differing perspectives on technological platforms: toward an integrative framework Research Policy 43 7 1239 1249 10.1016/j.respol.2014.03.006
Gepp, M., Foehr, M., & Vollmar, J. (2016). Standardization, modularization and platform approaches in the engineer-to-order business – review and outlook. In: Proceedings of the Annual IEEE Systems Conference. https://doi.org/10.1109/SYSCON.2016.7490549
Giesecke, K. (2004). Credit risk modeling and valuation: an introduction. Credit Risk: Models and Management,2,. https://doi.org/10.2139/ssrn.479323
K. Giesecke S. Weber Cyclical correlations, credit contagion, and portfolio losses Journal of Banking and Finance 28 12 3009 3036 10.1016/j.jbankfin.2003.11.002
Hampson, M. (2019) IoT security risks: drones, vibrators, and kids’ toys are still vulnerable to hacking. Retrieved March 25, 2024, from https://spectrum.ieee.org/iot-security-risks-drones-vibrators-iot-devices-kids-toys-vulnerable-to-hacking
Hartwich, E., Rieger, A., Sedlmeir, J., Jurek, D., & Fridgen, G. (2023). Machine economies. Electronic Markets,33,. https://doi.org/10.1007/s12525-023-00649-0
D. Helbing Globally networked risks and how to respond Nature 497 7447 51 59 10.1038/nature12047
Howard, J.D, & Longstaff, T.A. (1998). A common language for computer security incidents. Sandia National Laboratories
Huber, R.X.R, Lockl, J, Röglinger, M, & Weidlich, R, (2024). The Concept of a Smart Action–Results from Analyzing Information Systems Literature. Communications of the Association for Information Systems, 54 (1), 6 https://doi.org/10.17705/1CAIS.05408
ICS-CERT. (2018a). ICSA-15-260-01: Harman-Kardon Uconnect vulnerability. Retrieved March 25, 2024, from https://ics-cert.us-cert.gov/advisories/ICSA-15-260-01
ICS-CERT. (2018b). ICSA-17-208-01: Continental AG Infineon S-Gold 2 (PMB 8876). Retrieved March 25, 2024, from https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01
ISO/SAE 21434:2021. 2021. Road vehicles: Cybersecurity engineering standard of the International Organization for Standardization. Retrieved March 25, 2024, https://www.iso.org/standard/70918.html
C.M. Kang Y.S. Hong W.T. Huh W. Kang Risk propagation through a platform: the failure risk perspective on platform sharing IEEE Transactions on Engineering Management 62 3 372 383 10.1109/TEM.2015.2427844
Karale, A. (2021). The Challenges of IoT Addressing Security, Ethics, Privacy, and Laws. Internet of Things,15,. https://doi.org/10.1016/j.iot.2021.100420
S.L. Keoh S.S. Kumar H. Tschofenig Securing the Internet of Things: A standardization perspective IEEE Internet of Things Journal 1 3 265 275 10.1109/JIOT.2014.2323395
K. Kim J. Altmann Platform provider roles in innovation in software service ecosystems IEEE Transactions on Engineering Management 69 4 930 939 10.1109/TEM.2019.2949023
Kocher, P, Horn, J, Fogh, A, Genkin, D, Gruss, D, Haas, W,.., Yarom, Y. (2018). Spectre attacks: Exploiting speculative execution. Retrieved March 25, 2024, https://spectreattack.com/spectre.pdf
Kim, D.-h., Lee, H., Kwak, J. (2017). Standards as a driving force that influences emerging technological trajectories in the converging world of the internet and things: An investigation of the M2M/IoT patent network. Research Policy,46(7), 1234–1254. https://doi.org/10.1016/j.respol.2017.05.008
C.H. Lee X. Geng S. Raghunathan Mandatory standards and organizational information security Information Systems Research. 27 1 70 86 10.1287/isre.2015.0607
Lemos, R. (2024). SAST, DAST, IAST, and RASP: Pros, cons and how to choose. Techbeacon. Retrieved March 25, 2024, from https://techbeacon.com/sast-dast-iast-rasp-pros-cons-how-choose
S. Li L.D. Xu S. Zhao The Internet of Things: A survey Information Systems Frontiers 17 2 243 259 10.1007/s10796-014-9492-7
Lins, M, Mayrhofer, R, Roland, M, Hofer, D, & Schwaighofer, M. (2024). On the critical path to implant backdoors and the effectiveness of potential mitigationtechniques: Early learnings from xz. https://doi.org/10.48550/arXiv.2404 08987
Linton, M, & Parseghian, P. (2018). Today’s CPU vulnerability: What you need to know. Retrieved March 25, 2024, from https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Lipp, M, Schwarz, M, Gruss, D, Prescher, T, Haas, W., Fogh, A.,.., Hamburg, M(2018). Meltdown. Retrieved March 25, 2024, from https://meltdownattack.com/meltdown.pdf
Medeiros, J. (2017). WannaCry laid bare the NHS’ outdated IT network – and it’s still causing problems: The effects of the WannaCry attack are still being felt at NHS hospitals. Retrieved July 25, 2024, from http://www.wired.co.uk/article/nhs-cyberattack-it-ransomware
F. Meneghello M. Calore D. Zucchetto M. Polese A. Zanella IoT: Internet of threats? A survey of practical security vulnerabilities in real IoT devices IEEE Internet of Things Journal 6 5 8182 8201 10.1109/JIOT.2019.2935189
J.R. Meredith A. Raturi K. Amoako-Gympah B. Kaplan Alternative research paradigms in operations Journal of Operations Management 8 4 297 326 10.1016/0272-6963(89)90033-8
Microsoft Threat Intelligence. (2021). Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability. Retrieved March 25, 2024, from https://www.microsoft.com/en-us/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/#attacks
Miller, B., & Rowe, D. (2012). A survey SCADA of and critical infrastructure incidents. 1st Annual Conference on Research in Information Technology51–56 https://doi.org/10.1145/2380790.2380805
Ministry of Internal Affairs and Communications, National Institute of Information and Communications Technology (2019). The “NOTICE” project to survey IoT devices and to alert users. Retrieved March 25, 2024, from https://www.nict.go.jp/en/press/2019/02/01-1.html
M. Mohamad Noor W. Haslina Hassan Current research on Internet of Things (IoT) security: a survey Computer Networks 148 15 283 294 10.1016/j.comnet.2018.11.025
G.V. Neville-Neil IoT: The Internet of Terror Communications of the ACM 60 10 46 37 10.1145/3132728
R. Nicolescu M. Huth P. Radanliev D.D. Roure Mapping the values of IoT Journal of Information Technology 33 4 345 360 10.1057/s41265-018-0054-1
Porch, C, Timbrell, G, & Rosemann, M. (2015). Platforms: a systematic review of the literature using algorithmic histography. https://doi.org/10.18151/7217443
B.A. Prakash D. Chakrabarti N.C. Valler M. Faloutsos C. Faloutsos Threshold conditions for arbitrary cascade models on arbitrary networks Knowledge and Information Systems 33 3 549 575 10.1007/s10115-012-0520-y
Püschel, L, Schlott, H, & Röglinger, M. (2016). What’s in a smart thing? Development of a multi-layer taxonomy. Proceedings of the 37th International Conference on Information Systems. Retrieved March 25, 2024, from https://aisel.aisnet.org/icis2016/DigitalInnovation/Presentations/6
P. Radanliev D.C.D. Roure R. Nicolescu M. Huth R.M. Montalvo S. Cannady P. Burnap Future developments in cyber risk assessment for the Internet of Things Computers in Industry 102 14 22 10.1016/j.compind.2018.08.002
R.K. Rainer Jr C.A. Snyder H.H. Carr Risk analysis for information technology Journal of Management Information Systems 8 1 129 147 10.1080/07421222.1991.11517914
S. Ransbotham R.G. Fichman R. Gopal A. Gupta Special section introduction - ubiquitous IT and digital vulnerabilities Information System Research 27 4 834 847 10.1287/isre.2016.0683
Rausand, M, Barros, A, & Hoyland, A. (2020). System Reliability Theory: Models, Statistical Methods, and Applications. John Wiley & Sons. https://doi.org/10.1002/9781119373940
Regulation (EU) 2016/679. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Retrieved March 25, 2024, from http://data.europa.eu/eli/reg/2016/679/oj
Regulation (EU) 2018/858. (2018). Regulation (EU) 2018/858 of the European Parliament and of the Council of 30 May 2018 on the approval and market surveillance of motor vehicles and their trailers, and of systems, components and separate technical units intended for such vehicles, amending Regulations (EC) No 715/2007 and (EC) No 595/2009 and repealing Directive 2007/46/EC. Retrieved March 25, 2024, from http://data.europa.eu/eli/reg/2018/858/oj
Regulation (EU) 2019/2144. (2019). Regulation (EU) 2019/2144 of the European Parliament and of the Council of 27 November 2019 on type-approval requirements for motor vehicles and their trailers, and systems, components and separate technical units intended for such vehicles, as regards their general safety and the protection of vehicle occupants and vulnerable road users, amending Regulation (EU) 2018/858 of the European Parliament and of the Council and repealing Regulations (EC) No 78/2009, (EC) No 79/2009 and (EC) No 661/2009 of the European Parliament and of the Council and Commission Regulations (EC) No 631/2009, (EU) No 406/2010, (EU) No 672/2010, (EU) No 1003/2010, (EU) No 1005/2010, (EU) No 1008/2010, (EU) No 1009/2010, (EU) No 19/2011, (EU) No 109/2011, (EU) No 458/2011, (EU) No 65/2012, (EU) No 130/2012, (EU) No 347/2012, (EU) No 351/2012, (EU) No 1230/2012 and (EU) 2015/166. Retrieved March 25, 2024, from http://data.europa.eu/eli/reg/2019/2144/oj
A. Rieger R. Thummert G. Fridgen M. Kahlen W. Ketter Estimating the benefits of cooperation in a residential microgrid: A data-driven approach Applied Energy 180 130 141 10.1016/j.apenergy.2016.07.105
Ronen, E, O’Flynn, C, Shamir, A, & Weingarten, A.O. (2016). IoT goes nuclear: creating a ZigBee chain reaction. Retrieved March 25, 2024, from https://eprint.iacr.org/2016/1047.pdf
A.D. Roy Safety first and the holding of assets Econometrica 20 3 431 10.2307/1907413
Sadeghi, A.R., Wachsmann, C., & Waidner, M. (2015). Security and privacy challenges in industrial Internet of Things. Proceedings of the 52nd Annual Design Automation Conference. https://doi.org/10.1145/2744769.2747942
S. Sicari C. Cappiello F.D. Pellegrini D. Miorandi A. Coen-Porisini A security-and quality-aware system architecture for Internet of Things Information Systems Research 18 4 665 677 10.1007/s10796-014-9538-x
M.T. Siponen H. Oinas-Kukkonen A review of information security issues and respective research contributions ACM SIGMIS Database 38 1 60 80 10.1145/1216218.1216224
S.A. Slaughter D.E. Harter M.S. Krishnan Evaluating the cost of software quality Communications of the ACM 41 8 67 73 10.1145/280324.280335
Smartfrog Ltd. (2012). Open source terms. Retrieved March 25, 2024, from https://www.smartfrog.com/en-us/open-source-terms
R. Syed Cybersecurity vulnerability management: A conceptual ontology and cyber intelligence alert system Information & Management 57 6 103334 10.1016/j.im.2020.103334
O. Temizkan S. Park C. Saydam Software diversity for improved network security: Optimal distribution of software-based shared vulnerabilities Information Systems Research 28 4 828 849 10.1287/isre.2017.0722
Thielmann, S. (2017). Acting federal trade commission head: Internet of Things should self-regulate. Retrieved March 25, 2024, from https://www.theguardian.com/technology/2017/mar/14/federal-trade-commission-internet-things-regulation
L.D.W. Thomas E. Autio D.M. Gann Architectural leverage: Putting platforms in context Academy of Management Perspectives 28 2 198 219 10.5465/amp.2011.0105
TomTom, T. (2005). Open source software: TomTom GO 4. Retrieved March 25, 2024, from https://www.tomtom.com/de_at/opensource/go-version-4
Travis, G. (2019). How the Boeing 737 Max disaster looks to a software developer. IEEE Spectrum, 18. Retrieved from https://spectrum.ieee.org/how-the-boeing-737-max-disaster-looks-to-a-software-developer
Vermesan, O., & Friess, P. (Eds.) (2022). Digitising the industry Internet of Things connecting the physical, digital and VirtualWorlds. Taylor & Francis
Violino, B. (2017). FTC vs D-Link: The legal risks of IoT insecurity: Vulnerabilities in connected devices spell potential trouble for product manufacturers. Retrieved March 25, 2024, from https://www.zdnet.com/article/ftc-vs-d-link-the-legal-risks-of-iot-insecurity/
Vectra AI Security Research Team. (2016). How a webcam Can Be exploited as a backdoor, 2024-07-25. https://www.vectra.ai/blog/turning-a-webcam-into-a-backdoor
R. von Solms J. van Niekerk From information security to cyber security Computers & Security 38 97 102 10.1016/j.cose.2013.04.004
J. Waldo Virtual organizations, pervasive computing, and an infrastructure for networking at the edge Information Systems Frontiers 4 1 9 18 10.1023/A:1015322219248
Walters, R., & Jordan, J. (2016). US must remain vigilant to counter cyberattacks. Retrieved March 25, 2024, from http://dailysignal.com/2016/10/26/how-a-cyberattack-took-down-twitter-netflix-and-the-new-york-times/
H. Wang H. He W. Zhang W. Liu P. Liu A. Javadpour Using honeypots to model botnet attacks on the Internet of Medical Things Computers and Electrical Engineering 102 108212 10.1016/j.compeleceng.2022.108212
Watts, D.J. (2002). In A simple model of global cascades on random networks (Vol. 99, 5766–5771). https://doi.org/10.1073/pnas.082090499
R.H. Weber Internet of Things - new security and privacy challenges Computer Law & Security Review 26 1 23 30 10.1016/j.clsr.2009.11.008
R.H. Weber Internet of Things - governance quo vadis? Computer Law & Security Review 29 4 341 347 10.1016/j.clsr.2013.05.010
Weigl, L, Barberea, T, Sedlmeir, J, & Zavolokina, L. (2023). Mediating the tension between data sharing and privacy: The case of DMA and GDPR. In: Proceedings of the 31st European Conference on Information Systems, AIS. Retrieved from https://aisel.aisnet.org/ecis2023_rip/49/
J. West How open is open enough? Melding proprietary and open source platform strategies Research Policy 32 7 1259 1285 10.1016/S0048-7333(03)00052-0
A. Whitmore A. Agarwal L.D. Xu The Internet of Things - a survey of topics and trends Information Systems Frontiers 17 2 261 274 10.1007/s10796-014-9489-2
Y. Yoo Computing in every day life: A call for research on experiential computing MIS Quarterly 34 2 213 231 10.2307/20721425
Yoo, Y., Jr., R. J. B., Lyytinen, K., & Majchrzak, A. (2012). Organizing for innovation in the digitized world. Organization Science,23(5), 1398–1408. https://doi.org/10.1287/orsc.1120.0771
York, D. (2018). Meltdown and Spectre: Why we need vigilance, upgradeability, and collaborative security. Retrieved March 25, 2024, from https://www.internetsociety.org/blog/2018/01/meltdown-spectre-need-vigilance-upgradeability-collaborative-security/
W. Zhou Y. Jia A. Peng Y. Zhang P. Liu The effect of IoT new features on security and privacy: new threats, existing solutions, and challenges yet to be solved Internet of Things Journal 6 2 1606 1616 10.1109/JIOT.2018.2847733