• Title/Summary/Keyword: Open-Source Software


A Study on Exploitable Verification for Secure Open Source Software (안전한 오픈소스 소프트웨어를 위한 익스플로잇터블 검증에 관한 연구)

  • Kim, Bumryong;Song, JunHo;Kim, Geon;Jun, Moon-Seog
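    • Annual Conference of KIPS / 2015.10a / pp.617-619 / 2015
  • With the recent increase in the use of IT products, software is being applied well beyond computers, and demand for it is growing rapidly. Alongside commercial software, demand for open source software (OSS) is also growing quickly. However, open source software is developed by developers who lack specialized security knowledge. As a result, various security vulnerabilities such as HeartBleed and ShellShock have emerged, and cases leading to attacks are increasing. This paper therefore proposes an engine that, in conjunction with other software inspection tools, verifies whether discovered security vulnerabilities are exploitable.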

A Study on the Utilization of the selection indicator for the introduction of reliable OSS(Open Source Software) (신뢰성 있는 공개SW 도입을 위한 선정지표 활용방안에 관한 연구)

  • Cho, Dong-Hyung;Park, Sung-Ho;Kim, Tae-Yeol;Yang, Yu-Kil
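    • Annual Conference of KIPS / 2012.11a / pp.722-725 / 2012
  • Cases of adopting and applying open source software (OSS)-based systems are increasing in various fields that have recently become prominent, such as cloud computing, big data, and mobile, but selecting a reliable solution from among the many OSS options takes considerable time and cost. We therefore derived the items to be considered when adopting OSS and developed selection indicators, and we aim to provide criteria for selecting the optimal OSS, taking into account business suitability, maturity, and so on, by using the selection indicators in the survey and selection stages of actual OSS adoption. We also examine evaluation cases for OSS solutions such as WEB, WAS, and DB using the selection indicators, and propose ways in which the indicators can be used in the future.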

OSS (Open Source Software) Usage Considerations and Verification Method (OSS 활용 고려사항과 검증 방법)

  • Park, J.H.;Park, Y.S;Kim, H.K.;Kim, Y.K.
    • Electronics and Telecommunications Trends / v.34 no.1 / pp.142-153 / 2019
  • In this paper, we focus on the process of using open source software (OSS) and factors that should be considered when using project-based OSS. We also elaborate on how to avoid using OSS licenses in an OSS-based technology development process, why dual OSS licenses and security threats should be avoided, and the method of notification after use. In addition, the OSS license verification method and environment are described in the course of project development. In the verification method, the OSS license used for technology development in the course of project execution is validated in advance by the person who decides whether or not to use the OSS, and then additional verification using the tool after technology development. It is expected that this paper will be helpful for establishing the OSS usage consideration and the license verification procedure, and environment in the future.

Static Analysis Tools Against Cross-site Scripting Vulnerabilities in Web Applications : An Analysis

  • Talib, Nurul Atiqah Abu;Doh, Kyung-Goo
    • Journal of Software Assessment and Valuation / v.17 no.2 / pp.125-142 / 2021
  • Reports of rampant cross-site scripting (XSS) vulnerabilities raise growing concerns on the effectiveness of current Static Analysis Security Testing (SAST) tools as an internet security device. Attentive to these concerns, this study aims to examine seven open-source SAST tools in order to account for their capabilities in detecting XSS vulnerabilities in PHP applications and to determine their performance in terms of effectiveness and analysis runtime. The representative tools - categorized as either text-based or graph-based analysis tools - were all test-run using real-world PHP applications with known XSS vulnerabilities. The collected vulnerability detection reports of each tool were analyzed with the aid of PhpStorm's data flow analyzer. It is observed that the detection rates of the tools calculated from the total vulnerabilities in the applications can be as high as 0.968 and as low as 0.006. Furthermore, the tools took an average of less than a minute to complete an analysis. Notably, their runtime is independent of their analysis type.

A Python-based educational software tool for visualizing bioinformatics alignment algorithms

  • Elis Khatizah;Hee-Jo Nam;Hyun-Seok Park
    • Genomics & Informatics / v.21 no.1 / pp.15.1-15.4 / 2023
  • Bioinformatics education can be defined as the teaching and learning of how to use software tools, along with mathematical and statistical analysis, to solve biological problems. Although many resources are available, most students still struggle to understand even the simplest sequence alignment algorithms. Applying visualizations to these topics benefits both lecturers and students. Unfortunately, educational software for visualizing step-by-step processes in the user experience of sequence alignment algorithms is rare. In this article, an educational visualization tool for biological sequence alignment is presented, and the source code is released in order to encourage the collaborative power of open-source software, with the expectation of further contributions from the community in the future. Two different modules are integrated to enable a student to investigate the characteristics of alignment algorithms.

Analysis on Dynamic Software Defects for Increasing Weapon System Reliability (국방 무기체계 소프트웨어 신뢰성 향상을 위한 소프트웨어 동적 결함 분석)

  • Park, Jihyun;Choi, Byoungju
    • KIPS Transactions on Software and Data Engineering / v.7 no.7 / pp.249-258 / 2018
  • The importance of software in military weapon systems is increasing, and the software structure is becoming more complicated. We therefore must thoroughly verify its reliability. In particular, the defects from the interaction of the software components that make up the weapon system are difficult to prevent only with static testing and code coverage level dynamic testing. In this paper, we classify dynamic software defect types and analyze the issues reported in the Open Source Software (OSS) used in the US Department of Defense weapon systems. The dynamic defects classified in this paper usually occur after integration, and it is difficult to reproduce them and identify the cause. Based on this analysis, we conclude that the software integration test must be enhanced in order to verify the reliability of the weapon system.

A Study of Unit Testing Frameworks on Open Source C++ (오픈 소스 C++에서의 유닛 테스팅 프레임워크에 관한 고찰)

  • Heo, Seok-Yeol;Sohn, Young-Ho
    • Convergence Security Journal / v.13 no.4 / pp.33-39 / 2013
  • Unit testing has proved to be vital for a successful software development process. Modern languages, such as Python, Java and C#, have great support and tools for unit testing. But when it comes to C++, there are a large number of C++ frameworks available [List], and it becomes hard to choose which unit testing framework to use. This paper presents a survey of open source C++ unit testing frameworks by dividing open source C++ unit testing frameworks into two groups: frameworks with an integrated test runner and frameworks with a separate test runner.

Applicability of Geo-spatial Processing Open Sources to Geographic Object-based Image Analysis (GEOBIA)

  • Lee, Ki-Won;Kang, Sang-Goo
    • Korean Journal of Remote Sensing / v.27 no.3 / pp.379-388 / 2011
  • At present, GEOBIA (Geographic Object-based Image Analysis), heir of OBIA (Object-based Image Analysis), is regarded as an important methodology by object-oriented paradigm for remote sensing, dealing with geo-objects related to image segmentation and classification in the different view point of pixel-based processing. This also helps to directly link to GIS applications. Thus, GEOBIA software is on the booming. The main theme of this study is to look into the applicability of geo-spatial processing open source to GEOBIA. However, there is no few fully featured open source for GEOBIA which needs complicated schemes and algorithms, till It was carried out to implement a preliminary system for GEOBIA running an integrated and user-oriented environment. This work was performed by using various open sources such as OTB or PostgreSQL/PostGIS. Some points are different from the widely-used proprietary GEOBIA software. In this system, geo-objects are not file-based ones, but tightly linked with GIS layers in spatial database management system. The mean shift algorithm with parameters associated with spatial similarities or homogeneities is used for image segmentation. For classification process in this work, tree-based model of hierarchical network composing parent and child nodes is implemented by attribute join in the semi-automatic mode, unlike traditional image-based classification. Of course, this integrated GEOBIA system is on the progressing stage, and further works are necessary. It is expected that this approach helps to develop and to extend new applications such as urban mapping or change detection linked to GIS data sets using GEOBIA.

Role of Project Owner in OSS Project: Based on Impression Formation and Social Capital Theory (오픈소스 소프트웨어 운영자 역할이 성과에 미치는 영향: 인상형성과 사회적 자본 이론을 중심으로)

  • Lee, Saerom;Baek, Hyunmi;Jahng, Jungjoo
    • The Journal of Society for e-Business Studies / v.21 no.2 / pp.23-46 / 2016
  • With the increasing socio-economic value of open collaboration over the Internet, it has become significantly important to successfully manage open source software development programs. Most of the previous research has focused on various factors that influence the performance of the project, but studies on how the project owners recognized as "leader" affect the outcome of the project are very limited. This research investigates how individual and governance characteristics of an owner influence the performance of a project based on impression formation and social capital theory. For a data set, we collect 611 repositories and the owners' data from the open source development platform GitHub, and we form a knowledge sharing network of each repository by using social network analysis. We use hierarchical regression analysis, and our results show that a leader who exposes a lot of personal information or who has actively followed and shown interest in communicating with other developers has a positive impact on project performance. A leader who has a high centrality in the knowledge sharing network also positively affects project performance. On the other hand, if a leader is highly willing to accept external knowledge or is recognized as an expert in the community with large numbers of followers, the results show negative impacts on project performance. The research may serve as a useful guideline not only for future open source software projects but also for the effective management of different types of open collaboration.

Case Study of Wind Farm Design Using OpenWind - Youngdeok Wind Farm (OpenWind를 이용한 풍력단지설계 사례연구 -영덕풍력단지)

  • Kim, Hyun-Goo;Hwang, Hyo-Jeong;Kim, Ju-Hyun;Ko, Soo-Hee;Jung, Woo-Sik
    • Journal of Environmental Science International / v.19 no.9 / pp.1169-1175 / 2010
  • A case study for the design of a wind farm in complex terrain was carried out using the wind farm site analysis software OpenWind, which has an open-source platform and is free to use. The Youngdeok Wind Farm, constructed on mountainous terrain in Korea, was chosen as a model site; the design process was reproduced using OpenWind. The positions of the wind turbines derived from the OpenWind optimization process and the current positions were in good agreement. The annual energy production predicted by OpenWind, compared with the prediction by the micrositing software WindSim, was also validated to within 1%. Therefore, it was confirmed that OpenWind can be used for a practical wind farm design project. It is also anticipated that this paper will provide a prototype process for the design of a wind farm site and offer a database for the post-evaluation of a constructed wind farm in Korea.