Browse > Article

기업 제품의 보안 취약점 개선을 위한 보상제 동향  

Yoo, Dong-hoon ((주)아이넷캅 스마트 플랫폼 보안 기술 연구소)
Noh, Bong-nam (전남대학교 대학원 시스템 보안 연구 센터)
Publication Information
Review of KIISC / v.28, no.2, 2018 , pp. 43-50 More about this Journal
Keywords
Citations & Related Records
연도 인용수 순위
  • Reference
1 NVD DB, https://nvd.nist.gov/
2 Secunia, "Secunia Yearly Report 2011, Vulnerabilities Are Resilient", P.4-P.11, 2012.
3 RedHat Security Blog, "The Source of Vulnerabilities, How Red Hat finds out about vulnerabilities", Oct 2014.
4 Heartbleed bug, http://heartbleed.com/
5 OpenSSL CCS Injection bug, http://ccsinjection.lepidum.co.jp/
6 Trustwave, "Linux trailed Windows in patching zero-days in 2012, report says", 2012.
7 Matthew Finifter, Devdatta Akhawe, and David Wagner, "An Empirical Study of Vulnerability Rewards Programs", 2013.
8 Microsoft, "Security Development Lifecycle", http://www.microsoft.com/en-us/sdl/
9 Steve Lipner, Michael Howard, "The Trustworthy Computing Security Development Lifecycle", Microsoft Corporation, Mar 2005.
10 Google, "Google Vulnerability Reward Program (VRP) Rules"
11 Facebook, "Bug Bounty Program"
12 Microsoft, "Microsoft Bounty Programs"
13 Samsung "SMART TV BUGBOUNTY PROGRAM"
14 KISA, "S/W 신규 보안 취약점 신고 포상제"
15 Line, "LINE Security Bug Bounty Program"
16 We Do Hack, http://wedohack.appspot.com/
17 HP Security Research Blog, "There and back again: a journey through bounty award and disclosure"
18 김형열.김태성, "취약점 마켓 도입 영향요인에 대한 탐색적 연구: 화이트해커 중심으로", 2016 한국경영정보학회 춘계학술대회, 한국경영정보학회, 2016.
19 Bugcrowd, "Vulnerability Disclosure & Bug Bounty Programs"
20 홍준호, 유현우, "화이트 해커 양성 및 활성화 방안에 대한 연구", 한국법학회, 법학연구 제17권 제4호(통권 68호), 2017.
21 HackerOne, "Bug Bounty, Vulnerability Coordination"
22 Synack, "Penetration Testing & Private Bug Bounty"
23 Cobalt Labs, "Cobalt Bug Bounty Program"
24 Zerocopter, "Vulnerability Disclosure Policy"
25 CVEdetails, https://www.cvedetails.com/
26 GFI Blog, "2015's MVPs - The most vulnerable player"
27 LinkedIn's Security Blog, "LinkedIn's Private Bug Bounty Program: Reducing Vulnerabilities by Leveraging Expert Crowds"