| 1 | NVD DB, https://nvd.nist.gov/ |
| 2 | Secunia, "Secunia Yearly Report 2011, Vulnerabilities Are Resilient", P.4-P.11, 2012. |
| 3 | RedHat Security Blog, "The Source of Vulnerabilities, How Red Hat finds out about vulnerabilities", Oct 2014. |
| 4 | Heartbleed bug, http://heartbleed.com/ |
| 5 | OpenSSL CCS Injection bug, http://ccsinjection.lepidum.co.jp/ |
| 6 | Trustwave, "Linux trailed Windows in patching zero-days in 2012, report says", 2012. |
| 7 | Matthew Finifter, Devdatta Akhawe, and David Wagner, "An Empirical Study of Vulnerability Rewards Programs", 2013. |
| 8 | Microsoft, "Security Development Lifecycle", http://www.microsoft.com/en-us/sdl/ |
| 9 | Steve Lipner, Michael Howard, "The Trustworthy Computing Security Development Lifecycle", Microsoft Corporation, Mar 2005. |
| 10 | Google, "Google Vulnerability Reward Program (VRP) Rules" |
| 11 | Facebook, "Bug Bounty Program" |
| 12 | Microsoft, "Microsoft Bounty Programs" |
| 13 | Samsung, "SMART TV BUGBOUNTY PROGRAM" |
| 14 | KISA, "S/W New Security Vulnerability Report Reward Program" |
| 15 | Line, "LINE Security Bug Bounty Program" |
| 16 | We Do Hack, http://wedohack.appspot.com/ |
| 17 | HP Security Research Blog, "There and back again: a journey through bounty award and disclosure" |
| 18 | 김형열, 김태성, "An Exploratory Study on Factors Influencing the Adoption of Vulnerability Markets: Focusing on White-Hat Hackers", 2016 Korea Society of Management Information Systems Spring Conference, Korea Society of Management Information Systems, 2016. |
| 19 | Bugcrowd, "Vulnerability Disclosure & Bug Bounty Programs" |
| 20 | 홍준호, 유현우, "A Study on Measures to Train and Promote White-Hat Hackers", Korean Law Association, Law Research, Vol. 17, No. 4 (Serial No. 68), 2017. |
| 21 | HackerOne, "Bug Bounty, Vulnerability Coordination" |
| 22 | Synack, "Penetration Testing & Private Bug Bounty" |
| 23 | Cobalt Labs, "Cobalt Bug Bounty Program" |
| 24 | Zerocopter, "Vulnerability Disclosure Policy" |
| 25 | CVEdetails, https://www.cvedetails.com/ |
| 26 | GFI Blog, "2015's MVPs - The most vulnerable player" |
| 27 | LinkedIn's Security Blog, "LinkedIn's Private Bug Bounty Program: Reducing Vulnerabilities by Leveraging Expert Crowds" |