An Evaluation of the Product Security Maturity Model Through Case Studies at 15 Software Producing Organizations

Elena Baninemeh*, Harold Toomey, Katsiaryna Labunets, Gerard Wagenaar, Slinger Jansen

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review


Cybersecurity is becoming increasingly important from a software business perspective. The software that is produced and sold generally becomes part of a complex landscape of customer applications and enlarges the risk that customer organizations take. Increasingly, software producing organizations are realizing that they are on the front lines of the cybersecurity battles. Maintaining security in a software product and software production process directly influences the livelihood of a software business. There are many models for evaluating security of software products. The product security maturity model is commonly used in the industry but has not received academic recognition. In this paper we report on the evaluation of the product security maturity model on usefulness, applicability, and effectiveness. The evaluation has been performed through 15 case studies. We find that the model, though rudimentary, serves medium to large organizations well and that the model is not so applicable within smaller organizations.
Original languageEnglish
Title of host publicationSoftware Business - 14th International Conference, ICSOB 2023, Proceedings
EditorsSami Hyrynsalmi, Jürgen Münch, Kari Smolander, Jorge Melegati
Number of pages17
ISBN (Print)9783031532269
Publication statusPublished - 9 Feb 2024

Publication series

NameLecture Notes in Business Information Processing
Volume500 LNBIP
ISSN (Print)1865-1348
ISSN (Electronic)1865-1356


  • product security maturity model
  • software engineering security
  • software product security


Dive into the research topics of 'An Evaluation of the Product Security Maturity Model Through Case Studies at 15 Software Producing Organizations'. Together they form a unique fingerprint.

Cite this