A taxonomy for improving industry-academia communication in IoT vulnerability management

Background: In software engineering, industry-academia is a symbiotic relationship. Researchers need to be aware of the industry to produce relevant research, while practitioners are educated in academia and could take advantage of empirical research. The SERP taxonomy architecture is designed to support communication between practitioners and researchers in software engineering. Objective: The purpose of this study is to analyze to what extent the SERP taxonomy architecture is useful for improving communication between researchers and practitioners in IoT vulnerability management. Method: We developed a SERP taxonomy for IoT vulnerability management, SERP-MENTION, in an incremental way. Along the development, we evaluated the developed taxonomy in a project of industry academia collaboration. Results: In addition to the taxonomy itself we elaborate on the taxonomy development process and the potential of SERP-MENTION to support communication between researchers and practitioners within the area. Conclusion: The SERP architecture can be used in a new field, it is perceived as useful by potential users to better describe and communicate research outputs and practical challenges in software vulnerability management.