• Title/Summary/Keyword: SBOM

Search Result 11, Processing Time 0.013 seconds

A Study on the Development and Application of Efficient Evaluation Criteria for Performance Testing of Commercial Open Source Vulnerability Scanning Tools (상용 오픈소스 취약점 스캐닝 도구의 성능 시험을 위한 효율적 평가 기준 개발 및 적용)

  • Shin, Kangsik;Jung, Dong-Jae;Choe, Min-Ji;Cho, Ho-Mook
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.4
    • /
    • pp.709-722
    • /
    • 2022
  • The recent "Log4j Security Vulnerability Incident" has occurred, and the information system that uses the open source "Log4J" has been exposed to vulnerabilities. The incident brought great vulnerabilities in the information systems of South Korea's major government agencies or companies and global information systems, causing problems with open source vulnerabilities. Despite the advantages of many advantages, the current development paradigm, which is developed using open source, can easily spread software security vulnerabilities, ensuring open source safety and reliability. You need to check the open source. However, open source vulnerability scan tools have various languages and functions. Therefore, the existing software evaluation criteria are ambiguous and it is difficult to evaluate advantages and weaknesses, so this paper has developed a new evaluation criteria for the vulnerability analysis tools of open source