A Study on the Development and Application of Efficient Evaluation Criteria for Performance Testing of Commercial Open Source Vulnerability Scanning Tools
|
|
Shin, Kangsik
(KAIST Cyber Security Research Center)
Jung, Dong-Jae (KAIST Cyber Security Research Center) Choe, Min-Ji (KAIST Cyber Security Research Center) Cho, Ho-Mook (KAIST Cyber Security Research Center) |
| 1 | "Open Source Software", https://opensource.org/, Aceessed. May, 2022 |
| 2 | Synopsys, "2020 Open Source Security and Risk Analysis Report", 2020 |
| 3 | "SBOM", https://en.wikipedia.org/wiki/Software_bill_of_materials, Aceessed. May, 2022 |
| 4 | Lee Tae-joon, Park Chun-sik, Lee Hee-jo, "U.S. Cybersecurity Executive Order and Our Countermeasures from a Software Security Perspective", KISA Report volume 12, 2021. |
| 5 | "Semgrep", https://semgrep.dev/, Aceessed. May, 2022 |
| 6 | "VisualCodeGrepper", https://github.com/nccgroup/VCG, Aceessed. May, 2022 |
| 7 | "Bandit", https://github.com/PyCQA/bandit, Aceessed. May, 2022 |
| 8 | "Sparrow SCA", https://www.sparrowfasoo.com/ko/product/sca, Aceessed. May, 2022 |
| 9 | "Apache Log4j Security Vulnerabilities", https://logging.apache.org/log4j/2.x/security.html, Aceessed. May, 2022 |
| 10 | "Log4Shell", https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-442 28, Aceessed. May, 2022 |
| 11 | "WhiteSource Bolt", https://www.whitesourcesoftware.com/free-developer-tools/bolt/, Aceessed. May, 2022 |
| 12 | "Snyk", https://snyk.io/, Aceessed. May, 2022 |
| 13 | "ParaSoft", https://www.parasoft.com/, Aceessed. May, 2022 |
| 14 | Jeong-Seok Yoo, et al. "A Study on Analysis of Open Source Analysis Tools in Web Service" Proceedings of the Korea Information Processing Society Conference 21.1 pp. 475-478, 2014 |
| 15 | Ha-Yong Lee, "Usability Quality Evaluation Criteria of e-Learning Software Applying the ISO Quality Evaluation System" Journal of Digital Convergence, Vol. 16. No. 5, pp. 239-245, 2018 DOI |
| 16 | Jiho Bang, Rhan Ha, "Comparing Open Source Static Security Analysis Tools based on Software Weakness." Proceedings of the Korean Information Science Society Conference, pp. 753-755, 2013 |
| 17 | Shin-wook Heo, Young-jin In, Chang-jun Park, Ho-won Kim, "A Study on security vulnerability of Open Source", Proceedings of Korea Computer Congress, 2016 |
| 18 | Rodriguez, Moises, Jesus Ramon Oviedo, and Mario Piattini. "Evaluation of Software Product Functional Suitability: A Case Study.", Software Quality Professional 18.3, 2016. |
| 19 | Paz, Freddy, and Jose Antonio Pow-Sang. "A systematic mapping review of usability evaluation methods for software development process." International Journal of Software Engineering and Its Applications 10.1, pp. 165-178, 2016. DOI |
| 20 | Arusoaie, Andrei, et al. "A comparison of open-source static analysis tools for vulnerability detection in c/c++ code." 2017 19th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC). IEEE, 2017. |
| 21 | Li, Jingyue, Sindre Beba, and Magnus Melseth Karlsen. "Evaluation of open-source IDE plugins for detecting security vulnerabilities." Proceedings of the Evaluation and Assessment on Software Engineering. pp. 200-209. 2019. |
| 22 | "Guidelines for Evaluating the Technological Competencies of Software Business Entities", https://www.law.go.kr/LSW/admRulLsInfoP.do?admRulSeq=2100000195991, 2020 |
| 23 | "scikit-learn", https://github.com/scikit-learn/scikit-learn, Aceessed. May, 2022 |
| 24 | "decompress", https://github.com/kevva/decompress, Aceessed. May, 2022 |
| 25 | "xstream", https://github.com/x-stream/xstream, Aceessed. May, 2022 |
| 26 | "shadowsocks", https://github.com/shadowsocks/shadowsocks-windows, Aceessed. May, 2022 |
| 27 | "react", https://github.com/facebook/react, Aceessed. May, 2022 |
| 28 | "redis", https://github.com/redis/redis, Aceessed. May, 2022 |
| 29 | "mongo", https://github.com/mongodb/mongo, Aceessed. May, 2022 |
| 30 | "opencv", https://github.com/opencv/opencv, Aceessed. May, 2022 |
| 31 | "godot", https://github.com/godotengine/godot, Aceessed. May, 2022 |
| 32 | Hye-Jung Jung, "The Software Quality Testing on the basis of the International Standard ISO/IEC 25023", Journal of the Korea Convergence Society, Vol. 7. No. 6, pp. 35-41, 2016 DOI |
| 33 | "Labrador OSS", https://iotcube.com/products/labrador-oss/?lang=ko, Aceessed. May, 2022 |
| 34 | "HeartBleed", https://ko.wikipedia.org/wiki/%ED%95%98%ED%8A%B8%EB%B8%94%EB%A6%AC%EB%93%9C, Aceessed. May, 2022 |
| 35 | "CVE", https://cve.mitre.org/, Aceessed. May, 2022 |
| 36 | "FlawFinder", https://dwheeler.com/flawfinder/, Aceessed. May, 2022 |
| 37 | "BlackDuck", https://www.blackducksoftware.com/, Aceessed. May, 2022 |
| 38 | S.-W. Kang and H.-S. Yang, "Quality Evaluation of Criterion Construction for Open Source Software," Journal of Digital Convergence, vol. 11, no. 2, pp. 323-330, Feb. 2013. DOI |
| 39 | Deepika Sagar, Sahil Kukreja, JwngfuBrahma, "STUDYING OPEN SOURCE VULNERABILITY SCANNERS FOR V ULNERABILITIES IN WEB APPLICA TIONS", IIOAB Journal 9(2) pp. 43-49 January, 2018 |
| 40 | Miguel, Jose P., David Mauricio, and Glen Rodriguez. "A review of software quality models for the evaluation of software products." arXiv preprint arXiv:1412.2977, 2014 |
| 41 | "htmlunit", https://github.com/HtmlUnit/htmlunit, Aceessed. May, 2022 |
| 42 | "whitesourcesoftware", "All About Whit eSource's 2021 Open Source Security Vulnerabilities Report", AYALA GOLD STEIN, APRIL 14, 2021 |
 |
Korea Institute of Science and Technology Information
Gwahangno, Yuseong-gu, Daejeon, 305-806, Korea TEL : +82-42-869-1752
Copyright (c) 2009 KISTI. All Rights Reserved. For more information mail to
webmaster
