1 | "Common Vulnerabilities and Exposures," http://cve.mitre.org/
2 | "Common Weakness Enumeration," http://cwe.mitre.org/
3 | Gary McGraw, "Software Security: Building Security In," Addison-Wesley, 2006
4 | "CERT," http://www.cert.org/
5 | Ivan Arce, Elias Levy, "The rising threat of vulnerabilities due to integer errors," Security & Privacy, IEEE, 2003. 8
6 | Aleph One, "Smashing The Stack For Fun And Profit," Phrack Magazine, Vol. 7, No. 49, 1996
7 | Ministry of Public Administration and Security, "Software Development Security Guide for e-Government Software Developers and Operators," Ministry of Public Administration and Security, 2012. 5
8 | Ministry of Public Administration and Security, "Guidelines for the Construction and Operation of Information Systems (Ministry of Public Administration and Security Notice No. 2011-36)," Ministry of Public Administration and Security, 2012. 9
9 | "Korea University Selected for 'Software Development Security Research Center'," http://www.newswire.co.kr/newsRead.php?no=624730
10 | "Red Hat Bugzilla," https://bugzilla.redhat.com/
11 | "Coverity Prevent," http://www.coverity.com/
12 | "HP Fortify Static Code Analyzer," http://www8.hp.com/us/en/software-solutions/static-code-analysis-sast/
13 | "Klocwork," http://www.klockwork.com/
14 | "LDRA Software Technology," http://www.ldra.com/
15 | "CodeSonar," http://www.grammatech.com/codesonar
16 | "Sparrow," http://www.fasoo.com/site/fasoo/sourcecodeanalysis/sparrow.do
17 | "SecurityPrism," http://www.gtone.co.kr/main/ag/sp.php
18 | "ROSE compiler infrastructure," http://rosecompiler.org/
19 | "Splint - Secure Programming Lint," http://www.splint.org/
20 | "CppCheck," http://cppcheck.sourceforge.net/
21 | "Clang Static Analyzer," http://clang-analyzer.llvm.org/
22 | "PMD," http://pmd.sourceforge.net/
23 | "FindBugs," http://findbugs.sourceforge.net/
24 | Patrice Godefroid, Michael Y. Levin, David A. Molnar, "Automated Whitebox Fuzz Testing," PLDI'08, Tucson, USA, July 2008
25 | Bang Ji-ho, Ha Ran, "Analysis of Open-Source Security Weakness Diagnostic Tools Based on Software Security Weaknesses," Korean Institute of Information Scientists and Engineers, Korea Computer Congress 2013, 2013. 6
26 | "ISO/IEC TS 17961:2013 Information technology -- Programming languages, their environments and system software interfaces -- C secure coding rules," http://www.iso.org/iso/
27 | "NIST SAMATE," http://samate.nist.gov/