Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Papering Over the Cracks: The Effects of Introducing Best Practices on the Web Security Ecosystem
Schibsted Media Group.
Swedish Defence University, Department of Military Studies, Military-Technology Division.ORCID iD: 0000-0002-4376-9800
2016 (English)In: The 30th International Conference on Information Networking: ICOIN 2016, Institute of Electrical and Electronics Engineers (IEEE), 2016, 15837791Conference paper (Refereed)
Abstract [en]

Hypertext Transfer Protocol Secure (HTTPS) is the de facto standard for secure end-to-end web communication. However, numerous flaws discovered during recent years, such as Apple’s “goto fail” bug, and cryptographic weaknesses as illustrated by the Poodlebleed vulnerability, have brought the efficiency of the mostly self-regulated web security market into question. In this cross-disciplinary paper, the authors survey some 160.000 HTTPS-enabled servers among popular web sites over a time period of three years. The research question is what effect the introduction of best practices and vulnerability publication have on web server security in the form of protocol support. Main findings include that (i) insecure configurations, although well known, can remain widespread for over a decade, (ii) the introduction of best practices affect the decline of insecure configurations only moderately, whereas highly publicized security flaws have a significant impact, and (iii) economic incentives for website owners to provide secure services are weak, motivating such other levers of influence as legislation or blocking of noncompliant sites.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2016. 15837791
Series
Information Networking, International Conference on, ISSN 1976-7684
Keyword [en]
Internet governance, network security, security economics, HTTPS
National Category
Information Systems
Research subject
Militärteknik
Identifiers
URN: urn:nbn:se:fhs:diva-6685DOI: 10.1109/ICOIN.2016.7427064ISBN: 978-1-5090-1725-6 (print)ISBN: 978-1-5090-1724-9 (electronic)OAI: oai:DiVA.org:fhs-6685DiVA: diva2:1090471
Conference
30th International Conference on Information Networking (ICOIN), Kota Kinabalu, Malaysia, January 13-15, 2016
Available from: 2017-04-24 Created: 2017-04-24 Last updated: 2017-04-28

Open Access in DiVA

No full text

Other links

Publisher's full text

Search in DiVA

By author/editor
Sigholm, Johan
By organisation
Military-Technology Division
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 15 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf