[1] US Cyber Safety Review Board, "Review of the December 2021 Log4j Event", pp. 3-6, July 2022.

[2] BBC, "US fuel pipeline hackers did not mean to create problems", https://www.bbc.com/news/business-57050690, May 2021.

[3] NIST, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations", NIST SP 800-161r1, pp. 1-3, May 2022.

[4] Gartner, "7 Top Trends in Cybersecurity for 2022", https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022, April 2022.

[5] 이태준, 이희조, 박춘식, "The US Cybersecurity Executive Order from a Software Security Perspective and Our Response Measures", KISA Report, Vol. 12, p. 3, 2021.

[6] NTIA, "Roles and Benefits for SBOM Across the Supply Chain", 2019.

[7] The White House, "Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience", https://www.whitehouse.gov/omb/briefing-room/2022/09/14/enhancing-the-security-of-the-software-supply-chain-to-deliver-a-secure-government-experience/, Sept. 2022.

[8] A. M. Pitney et al., "A Systematic Review of 2021 Microsoft Exchange Data Breach Exploiting Multiple Vulnerabilities", 2022 7th Int'l Conference on Smart and Sustainable Technologies, pp. 1-3, 2022.

[9] Infosecurity Group, "North Korean Lazarus Group Hacked Energy Providers Worldwide", https://www.infosecurity-magazine.com/news/lazarus-group-hacked-energy/, Sept. 2022.

[10] US Chamber of Commerce, "Software Bill of Materials Elements and Considerations", June 2021.

[11] OASIS, "Common Security Advisory Framework (CSAF)", https://oasis-open.github.io/csaf-documentation/

[12] Secvisogram, https://secvisogram.github.io/

[13] Wikipedia, "ICANN", https://en.wikipedia.org/wiki/ICANN

[14] Linux Foundation, "The Open Source Software Security Mobilization Plan", May 2022.

[15] Kaspersky, "Managing the trend of growing IT complexity", IT security economics report, p. 9, 2021.

[16] ESF, "Securing the Software Supply Chain - Recommended Practices Guide for Developers", US Enduring Security Framework, pp. 26-27, Aug. 2022.

[17] OMB, "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices - Memorandum for the Heads of Executive Departments and Agencies", M-22-18, US Office of Management and Budget, Sept. 2022.

[18] OpenSSF, "Outcomes from Open Source Software Security Summit in Japan", https://openssf.org/blog/2022/08/24/outcomes-from-open-source-software-security-summit-in-japan/

[19] IMDRF, "Draft, Principles and Practices for Software Bill of Materials for Medical Device Cybersecurity", https://www.imdrf.org/consultations/principles-and-practices-software-bill-materials-medical-device-cybersecurity, International Medical Device Regulators Forum, 2022.

[20] N. Kshetri, "Economics of Supply Chain Cyberattacks", IEEE Computer Society, pp. 1-2, June 2022.

[21] BleepingComputer, "Hundreds of networks reportedly hacked in Codecov supply-chain attack", https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/, April 2022.

[22] NTIA, "Software Component Transparency", https://www.ntia.gov/SoftwareTransparency

[23] NTIA, "SBOM Options and Decision Points", April 2021.

[24] OWASP Foundation, "Software Component Verification Standard (SCVS) v1.0", June 2020.

[25] B. Behlendorf, "Deep Dive into the OpenSSF Mobilization Plan", Open Source Summit Europe - OpenSSF Day, Sept. 2022.