| 1 | US Cyber Safety Review Board, "Review of the December 2021 Log4j Event", pp. 3-6, July 2022. |
| 2 | BBC, US fuel pipeline hackers did not mean to create problems from https://www.bbc.com/news/business-57050690, May 2021. |
| 3 | NIST, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations", NIST SP 800-161r1, pp. 1-3, May 2022. |
| 4 | Gartner, 7 Top Trends in Cybersecurity for 2022 from https://www.gartner.com/en/articles/7-top-tr ends-in-cybersecurity-for-2022, April 2022. |
| 5 | 이태준, 이희조, 박춘식, "소프트웨어 보안 관점에서 본 미국 사이버보안 행정명령과 우리의 대응 방안", KISA Report, Vol. 12, p.3, 2021. |
| 6 | NTIA, "Roles and Benefits for SBOM Across the Supply Chain", 2019. |
| 7 | The White House, Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience from https://www.whitehouse.gov/omb/briefing-room/2022/09/14/enhancing-the-security-of-the-software-supply-chain-to-deliver-a-secure-government-experience/, Sept. 2022. |
| 8 | A. M. Pitney et al., "A Systematic Review of 2021 Microsoft Exchange Data Breach Exploiting Multiple Vulnerabilities", 2022 7th Int'l Conference on Smart and Sustainable Technologies, pp. 1-3, 2022. |
| 9 | Infosecurity Group, North Korean Lazarus Group Hacked Energy Providers Worldwide from https://www.infosecurity-magazine.com/news/lazarus-group-hacked-energy/, Sept. 2022. |
| 10 | US Chamber of Commerce, "Software Bill of Materials Elements and Considerations", June 2021. |
| 11 | OASIS, Common Security Advisory Framework (CSAF) from https://oasis-open.github.io/csaf-documentation/ |
| 12 | https://secvisogram.github.io/ |
| 13 | https://en.wikipedia.org/wiki/ICANN |
| 14 | Linux Foundation, "The Open Source Software Security Mobilization Plan", May 2022. |
| 15 | Kasperkey, "Managing the trend of growing IT complexity", IT security economics report, p.9, 2021. |
| 16 | ESF, "Securing the Software Supply Chain - Recommended Practices Guide for Developers", US Enduring Security Framework, pp. 26-27, Aug. 2022. |
| 17 | OMB, "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices - MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES", M-22-18, US Office of Management and Budget, Sept. 2022. |
| 18 | OpenSSF, Outcomes from Open Source Software Security Summit in Japan from https://openssf.org/blog/2022/08/24/outcomes-from-open-source-software-security-summit-in-japan/ |
| 19 | IMDRF, "Draft, Principles and Practices for Software Bill of Materials for Medical Device Cybersecurity" from https://www.imdrf.org/con-sultations/principles-and-practices-soft-ware-bill-materials-medical-device-cybersecurity, International Medical Device Regulation Forum, 2022. |
| 20 | N. Kshetri, "Economics of Supply Chain Cyberattacks", IEEE Computer Society, pp. 1-2, June 2022. |
| 21 | BleepingComputer, Hundreds of networks re- portedly hacked in Codecov supply-chain attack from https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/, April 2022. |
| 22 | NTIA, Software Component Transparency from https://www.ntia.gov/SoftwareTransparency |
| 23 | NTIA, "SBOM Options and Decision Points", April 2021. |
| 24 | OWASP Foundation, "Software Component Verification Standard(SCVS) v1.0", June 2020. |
| 25 | B. Behlendorf, "Deep Dive into the OpenSSF Mobilization Plan", Open Source Summit Europe - OpenSSF Day, Sept. 2022. |
 |
Korea Institute of Science and Technology Information
Gwahangno, Yuseong-gu, Daejeon, 305-806, Korea TEL : +82-42-869-1752
Copyright (c) 2009 KISTI. All Rights Reserved. For more information mail to
webmaster
