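Cost Based Vulnerability Control Method Using Static Analysis Tool
Lee, Ki Hyun (Dankook University, Department of Computer Science, Software Security)
Kim, Seok Mo (Dankook University, Department of Computer Science, Software Security)
Park, Young B. (Dankook University, Department of Electronic Computing)
Park, Je Ho (Dankook University, Department of Electronic Computing)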
1 | Gartner, Now is the time for security at Application Level [Internet], https://www.sela.co.il/_Uploads/dbsAttachedFiles/GartnerNowIsTheTimeForSecurity.pdf. |
2 | Department of Homeland Security, Practical Measurement Framework for Software Assurance and Information Security [Internet], http://buildsecurityin.us-cert.gov/. |
3 | NIST, The Economic Impacts of Inadequate Infrastructure for Software Testing, 2002. |
4 | M. G. Choi and M. J. Jeon, "Analysis of Methodologies for Security Development Lifecycle for Security Enhancement System," KIMS Spring Symposium, 2010, pp.418-425. |
5 | Microsoft, Introduction to the Microsoft Security Development Lifecycle [Internet], http://www.microsoft.com/security/sdl. |
6 | NIPA Software Engineering Center, Software Engineering White Book, ch.3, pp.176-183, 2013. |
7 | Jovanovic, Nenad, Christopher Kruegel, and Engin Kirda, "Pixy: A static analysis tool for detecting web application vulnerabilities," in Security and Privacy, 2006 IEEE Symposium on, pp.258-263. IEEE, 2006. |
8 | Sung min Ahn, Min Sik Jin, and Kyu Jin Cho, "Detecting Software security vulnerability with of Software Security Vulnerabilities," Communication of the Korean Institute of Information Scientists and Engineer, Vol.28, No.2, pp.32-36, 2010. |
9 | Mitre, CWE/SANS Top 25 [Internet], http://cwe.mitre.org/top25/. |
10 | Mitre, CWSS [Internet], http://cwe.mitre.org/cwss/cwss_v1.0.1.html. |
11 | Leung, Hareton and Zhang Fan, "Software cost estimation," Handbook of Software Engineering, Hong Kong Polytechnic University, 2002. |
12 | S. K. Choi and E. H. Choi, "Study on validating proper System Requirements by using Cost Estimations Methodology," KCSA Transactions on Convergence Security, Vol.13, No.5, pp.97-105, 2013. |
13 | HP fortify [Internet], http://www8.hp.com/h20195/v2/GetPDF.aspx/4AA5-7039ENW.pdf. |
14 | Sung hae Kim, Jin ho Joo, Gunsoo Lee, and Gi hwon Kown, "Implementation of Code Vulnerabilities Checker for Secure Software," in Proceedings of the Korean Society For Internet Information, Vol.2010, No.6, pp.605-608, 2010. |