http://dx.doi.org/10.13089/JKIISC.2012.22.5.1205

Analyzing Secure Coding Initiatives: An Ecosystem Approach  

Kim, Sung Kun (Chung-ang University)
Lee, Jae-Il (KISA)
Abstract
The Korean government has recently announced that secure coding will be required when building e-government systems. As an initial effort to enhance the security level of e-government applications, this initiative should be highly valued. In its implementation, however, some problematic areas or issues are expected and need to be addressed. In this regard, we analyze the Secure Coding Initiatives and derive some problems using an ecosystem approach. Furthermore, a set of institutional suggestions is made in an effort to overcome these problems.
Keywords
secure coding; ecosystem; secure coding initiatives