Papering Over the Cracks: The Effects of Introducing Best Practices on the Web Security Ecosystem
Schibsted Media Group.
Swedish Defence University, Department of Military Studies, Military-Technology Division. ORCID iD: 0000-0002-4376-9800
2016 (English). In: The 30th International Conference on Information Networking: ICOIN 2016, IEEE, 2016, p. 1-6, article id 15837791. Conference paper, Published paper (Refereed)
Abstract [en]

Hypertext Transfer Protocol Secure (HTTPS) is the de facto standard for secure end-to-end web communication. However, numerous flaws discovered during recent years, such as Apple’s “goto fail” bug, and cryptographic weaknesses as illustrated by the Poodlebleed vulnerability, have brought the efficiency of the mostly self-regulated web security market into question. In this cross-disciplinary paper, the authors survey some 160.000 HTTPS-enabled servers among popular web sites over a time period of three years. The research question is what effect the introduction of best practices and vulnerability publication have on web server security in the form of protocol support. Main findings include that (i) insecure configurations, although well known, can remain widespread for over a decade, (ii) the introduction of best practices affects the decline of insecure configurations only moderately, whereas highly publicized security flaws have a significant impact, and (iii) economic incentives for website owners to provide secure services are weak, motivating such other levers of influence as legislation or blocking of noncompliant sites.

Place, publisher, year, edition, pages
IEEE, 2016. p. 1-6, article id 15837791
Series
International Conference on Information Networking, ISSN 1976-7684
Keywords [en]
Internet governance, network security, security economics, HTTPS
National Category
Information Systems
Research subject
Military Technology
Identifiers
URN: urn:nbn:se:fhs:diva-6685
DOI: 10.1109/ICOIN.2016.7427064
Libris ID: 19859055
ISBN: 9781509017256 (print)
ISBN: 9781509017249 (electronic)
OAI: oai:DiVA.org:fhs-6685
DiVA, id: diva2:1090471
Conference
30th International Conference on Information Networking (ICOIN), Kota Kinabalu, Malaysia, January 13-15, 2016
Available from: 2017-04-24. Created: 2017-04-24. Last updated: 2019-08-26. Bibliographically approved

Authority records

Sigholm, Johan
