
Software Vulnerability, Assurance, and Security Testing  

Cho, Seong-Je (Dankook University)
Kim, Dong-Jin (Dankook University)
  • Reference
1 IATAC and DACS, "Software Security Assurance", State-of-the-Art Report(SOAR), Chap. 2, July 2007
2 Gary McGraw, "Software Security", IEEE Security & Privacy, pp. 80-83, March/April 2004.
3 Gary McGraw, "Software Security, Building Security In", Addison-Wesley, 2006
4 US Homeland Security, Software Assurance Home page-Community Resources and Information Clearinghouse, https://buildsecurityin.us-cert.gov/swa/
5 National IT Industry Promotion Agency (NIPA), 2010 Software Industry White Paper
6 F. Piessens, "A Taxonomy of Causes of Software Vulnerabilities in Internet Software", Supplementary Proceedings of the 13th International Symposium on Software Reliability Engineering, pages 47-52, November 2002, or Extended version (with Examples): Technical Report (CW Reports), volume CW346, 11 pages, Department of Computer Science, Belgium, August 2002
7 C. V. Berghe, J. Riordan, F. Piessens, "A Vulnerability Taxonomy Methodology applied to Web Services", Proceedings of the 10th Nordic Workshop on Secure IT Systems(NordSec 2005), pages 49-62, October 2005
8 Robert F. Dacey, "Information Security: Effective Patch Management is Critical to Mitigating Software Vulnerabilities", Information Security Issues, U.S. General Accounting Office(GAO), September 2003. http://www.gao.gov/new.items/d031138t.pdf
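9 Dankook University Computer Security Laboratory, "A Study on Classification and Detection Methods for Software Security Vulnerabilities", National Security Research Institute commissioned research report, October 2006
10 Dankook University Computer Security Laboratory, "A Study on Methods for Software Security Vulnerability Analysis Procedures", Korea Information Security Agency commissioned research report, December 2003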
11 Microsoft SDL home page, www.microsoft.com/security/sdl/
12 US Computer Emergency Readiness Team (US-CERT), Software Assurance, http://www.us-cert.gov/swa/
13 US Homeland Security, "Risk-Based Software Security Testing", Software Assurance Pocket Guide Series: Development Volume III Version 0.5, Sep. 2009. https://buildsecurityin.us-cert.gov/swa/downloads/TestingMWV0502AM091013.pdf
14 B. Potter and G. McGraw, "Software Security Testing", IEEE Security & Privacy, pp. 32-36, Sep./Oct. 2004.
15 CVE(Common Vulnerabilities and Exposures) home page: http://cve.mitre.org, and S. Christey, CVE and CVSS, Sep. 2010. available at: scap.nist.gov/events/2010/itsac/presentations/day1/SCAP_101-CVE_and_CVSS.pdf
16 CWE (Common Weakness Enumeration) home page: http://cwe.mitre.org and Top 25 Most Dangerous Software Error http://cwe.mitre.org/top25
17 Common Vulnerability Scoring System (CVSS-SIG) home page: http://www.first.org/cvss and S. Christey, Common Weakness Scoring System (CWSS), Feb. 2011 (https://buildsecurityin.us-cert.gov/swa/presentations_032011/SteveChristey-CWSS.pdf)
18 NIST-SRD (SAMATE Reference Dataset) Project, http://samate.nist.gov/SRD/
19 "Real World Fuzzing", Charlie Miller Independent Security Evaluators, October 20, 2007
20 "Fuzzing-Brute Force Vulnerability Discovery", Michael Sutton, 2007