Safety, security and resilience of critical software ecosystems
Abstract
A software ecosystem is defined as the dynamic evolution of systems on top of a common technological platform offering a set of software solutions and services. Software ecosystems has gained increased attention due to mobile platforms and the need to improve development of solutions utilizing a network of collaborative actors. Software ecosystems are increasingly being used to support critical tasks and operations, such as smart cities and intelligent transport systems. There is no systematic overview of how safety, security and resilience are addressed in software ecosystems. We have performed a systematic literature review of research related to safety, security and resilience of critical software ecosystems, in the period 2007 to 2016. Peer-reviewed articles were identified in areas of critical infrastructure, but fewer articles than anticipated were found. The perspective of software ecosystems has helped to identify and specify patterns of safety, security and resilience on a relevant abstraction level. Significant vulnerabilities and poor awareness of safety, security and resilience has been identified in critical ecosystems. Key actors that should increase their attention are vendors, regulators, insurance companies and the research community. There is a need to improve private-public partnership and to improve the learning loops between computer emergency teams, security information providers, regulators and vendors. There is a need to focus more on safety, security and resilience and to establish regulations of responsibilities on the vendors for liabilities.