An Improvement of the Guideline of Secure Software Development for Korea E-Government
Han, Kyung Sook (Korea Polytechnic University)
Kim, Taehwan (Hongik University)
Han, Ki Young (Hongik University)
Lim, Jae Myung (Korea Internet & Security Agency)
Pyo, Changwoo (Hongik University)
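1 | Ministry of Public Administration and Security, Software Development Security Guide for E-Government Software Developers and Operators, Ministry of Public Administration and Security, May 2012 |
2 | Ministry of Public Administration and Security, Guidelines for the Construction and Operation of Information Systems (Ministry of Public Administration and Security Notice No. 2011-36), Ministry of Public Administration and Security, September 2012 |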
3 | Nuno Antunes, Marco Vieira. "Defending against Web Application Vulnerabilities," IEEE Computer, 45(2), pp. 66-72, 2012. |
4 | "Common Weakness Enumeration," http://cwe.mitre.org/ |
5 | "CERT," http://www.cert.org/ |
6 | Robert C. Seacord. Secure Coding in C and C++, Addison-Wesley, 2005 |
7 | Robert C. Seacord. The CERT C Secure Coding Standard, Addison-Wesley, 2008 |
8 | Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean Sutherland, and David Svoboda. The CERT Oracle Secure Coding Standard for Java, Addison-Wesley, 2012 |
9 | I.A. Elia, J. Fonseca, and M. Vieira, "Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study," Proc. 21st IEEE Int'l Symp. Software Reliability Eng. (ISSRE 10), pp. 289-298, 2010. |
10 | "Coverity Prevent," http://www.coverity.com/ |
11 | "HP Fortify Static Code Analyzer," http://www.hpenterprisesecurity.com/products/hp-fortify-software-securitycenter/hp-fortify-static-code-analyzer/ |
12 | "Klocwork," http://www.klocwork.com/ |
13 | "LDRA Software Technology," http://www.ldra.com/ |
14 | "ROSE compiler infrastructure," http://rosecompiler.org/ |
15 | "Splint-Secure Programming Lint," http://www.splint.org/ |
16 | "CppCheck," http://cppcheck.sourceforge.net/ |
17 | "PMD," http://pmd.sourceforge.net/ |
18 | "Findbugs," http://findbugs.sourceforge.net/ |
19 | Nathaniel Ayewah and William Pugh. "A report on a survey and study of static analysis users," In Proceedings of the 2008 workshop on Defects in large software systems (DEFECTS '08), pp. 1-5, 2008. |