• Title/Summary/Keyword: SW Secure Development

Evaluation Method Using Analytic Hierarchy Process for C4I SW Secure Coding Rule Selection (계층분석기법을 활용한 전장관리정보체계 소프트웨어 시큐어 코딩룰 선정 평가 방안)

  • Choi, June-Sung;Kim, Woo-Je;Park, Won-Hyung;Kook, Kwang-Ho
    • The Journal of Korean Institute of Communications and Information Sciences / v.38C no.8 / pp.651-662 / 2013
  • In this study, we suggest a selection and evaluation method that considers 6 major factors such as compliance system application (development language conformance, platform compliance), threat evaluation (criticality of security incident, possibility of security incident), and application benefit (reliability/quality improvement, modification cost) for appropriate secure coding rule selection and evaluation. Using this method, we selected a set consisting of 197 secure coding rules for Battlefield Management System software and calculated the application priority for each rule.

Evaluation Methodology of Diagnostic Tool for Security Weakness of e-GOV Software (전자정부 소프트웨어의 보안약점 진단도구 평가방법론)

  • Bang, Jiho;Ha, Rhan
    • The Journal of Korean Institute of Communications and Information Sciences / v.38C no.4 / pp.335-343 / 2013
  • If SW weaknesses, which are the main cause of cyber breaches, are analyzed and removed in the SW development stages, cyber breaches can be prevented effectively. Domestically, removing SW weaknesses by applying a Secure SDLC (SW Development Life Cycle) has become mandatory. In order to analyze and remove SW weaknesses effectively, reliable SW weakness diagnostic tools are required. Therefore, we propose the functional requirements of a diagnostic tool that is suitable for the domestic environment and an evaluation methodology that can assure the reliability of diagnostic tools. Then, to analyze the effectiveness of the proposed evaluation framework, both the demonstration results and the process are presented.

An Empirical Study for Enhancing Scope Management Capability of SW Informatization Project (SW정보화 사업 범위관리 역량 강화를 위한 실증적 연구 -중견·중소사업자 중심으로)

  • Kim, Seok-Kwan;Ryu, Gab-Sang
    • Journal of the Korea Convergence Society / v.10 no.6 / pp.1-6 / 2019
  • This paper examines the complexity of recent SW development such as the 4th industry, in order to apply requirement engineering and the Redmine application to projects and solve the difficulty of scope management during project management at medium and small businesses. These engineering techniques were applied to mid-sized and small-sized SW development projects. This was verified through supervision of 15 SW development projects. As a result, we observed about a 30% reduction in related issues. In addition, Redmine was introduced to SW development projects involving medium and small sized companies, and it proved to have the effect of shortening delivery time through requirement management and tracking management. In order to secure the safety of SW system development projects, it is necessary to apply the required engineering techniques and tools, and it is necessary to continuously cultivate professional manpower to carry this out.

Analysis of Job Happiness Types of SW Development Personnel Using Q-sort Methodology (Q-sort 방법론을 활용한 SW 개발인력의 직무행복 유형 분석)

  • Chang, Yun-hi
    • Journal of Internet Computing and Services / v.21 no.1 / pp.57-70 / 2020
  • This study examines the subjective perception of software developers on happiness at work through the Q-sort methodology. Analysis of 63 respondents revealed four types of happiness at work with highly differentiated characteristics: 'stability of work oriented', 'defiant self-driven, technology-oriented', 'realistic professionalism oriented', and 'genuinely technology and task-immersion oriented'. The 'defiant self-driven, technology-oriented' and 'genuinely technology and task-immersion oriented' types are interested in the latest ICT and consider that recognition of one's professionalism as well as self-realization result in happiness at work. On the other hand, the 'stability of work oriented' and 'realistic professionalism oriented' types did not pay much attention to the growth of their technical careers but emphasized salary, welfare benefits and job promotion as the most important factors in happiness at work. Today, extraordinary SW developers are a key factor in acquiring industrial competitiveness. Nations and corporations should prepare realistic ways to promote overall happiness at work by accurately understanding the varying characteristics and predispositions of domestic ICT personnel. In Korea, it is found that there is a shortage of 'genuinely technology and task-immersion oriented' SW developers. In order to secure national and industrial competitiveness in the era of the Fourth Industrial Revolution, the creation of a work ecosystem that promotes high levels of happiness at work is required to secure quality software production and pride as an ICT professional.

A Study on a Secure Coding Library for the Battlefield Management System Software Development (전장정보체계 SW 개발을 위한 시큐어 코딩 라이브러리에 관한 연구)

  • Park, Sanghyun;Kim, Kwanyoung;Choi, Junesung
    • Journal of IKEEE / v.22 no.2 / pp.242-249 / 2018
  • In this paper, we identify the code vulnerabilities that can be automatically detected through Visual Studio (VS) compiler and code analyzer based on a secure coding rule set which is optimized for development of battlefield information system. Then we describe a weak point item that can be dealt with at the implementation stage without depending on the understanding or ability of the individual programmer's secure coding through the implementation of the secure coding library. Using VS compiler and the code analyzer, the developers can detect only about 38% of security weaknesses. But with the help of the proposed secure coding library, about 48% of security weaknesses can be detected and prevented in the proactive diagnosis in the development stage.

Case Analysis of Legal System and Regulations according to the Needs of S/W Development Security (S/W 개발 보안의 필요성에 따른 법 제도 및 규정 사례 분석)

  • Shin, Seong-Yoon;Jeong, Kil-Hyun
    • Journal of the Korea Society of Computer and Information / v.19 no.10 / pp.117-124 / 2014
  • Software Development Security is defined as a sequential procedure such as deleting potential security vulnerabilities for secure software development, designing or implementing various functions with security in mind, and so on. In this paper, we research domestic and international hacking cases that could damage us mentally or financially. Seventy-five percent of Web-site attacks abuse weak points of application programs, or software. We also research major issues related to software development security with these demerits. We then propose public and private laws, regulations, or systems and give some examples with detailed descriptions.

A Study on Application Methodology of SPDL Based on IEC 62443 Applicable to SME Environment (중소기업환경에서 적용 가능한 IEC 62443 기반의 개발 보안 생애주기 프로세스 적용 방안 연구)

  • Jin, Jung Ha;Park, SangSeon;Kim, Jun Tae;Han, Keunhee
    • KIPS Transactions on Computer and Communication Systems / v.11 no.6 / pp.193-204 / 2022
  • A smart factory in a small and medium-sized enterprise (SME) environment consists of sensors and actuators operating on actual manufacturing lines, programmable logic controllers (PLCs) to manage them, human-machine interfaces (HMI) to control and manage such PLCs, and operational technology servers to manage the PLCs and HMI in turn. PLCs and HMI, which are in charge of control automation, connect directly with OT servers, application systems for factory operation, robots for on-site automation, and production facilities, so the development of security technology in a smart factory environment is demanded. However, smart factories in the SME environment are often composed of systems that used to operate in closed environments in the past, so there exist parts vulnerable in terms of security in the current environment, where they operate in conjunction with the outside through the Internet. In order to achieve the internalization of smart factory security in this SME environment, it is necessary to establish a process according to the IEC 62443-4-1 Secure Product Development Life cycle at the stage of smart factory SW and HW development. In addition, it is necessary to introduce a suitable development methodology that considers IEC 62443-4-2 Component security requirements and IEC 62443-3 System security requirements. Therefore, this paper proposes an application plan for the IEC 62443 based development security process to provide security internalization to smart factories in an SME environment.

Exploring the Public Education Settlement Plans of Informatics Subject through the Perception Analysis of Elementary and Secondary Parents (초·중등 학부모의 정보교육에 대한 인식 분석을 통한 정보교과 공교육 정착 방안 탐색)

  • Yoon, IlKyu;Kim, HyeonCheol
    • The Journal of Korean Association of Computer Education / v.21 no.2 / pp.31-40 / 2018
  • The purpose of this study is to analyze the perception of elementary and secondary parents on 'Informatics' education in order to solve the various social problems that can occur due to the application of the mandatory 'Informatics' subject and to find stable public education settlement plans. For this purpose, we conducted an analysis of a questionnaire survey on 'Informatics' education for parents of elementary and secondary students who participated in the SW education camp at K university. The major results of this study are as follows. Firstly, both elementary and secondary parents show high interest in the SW education policy of the government, but they show distrust about the timeliness of the actual SW education policy and the support of elementary and secondary education. Secondly, both elementary and secondary parents showed high awareness of the necessity and importance of 'Informatics' education, and they recognized that 'Informatics' education should be done in high school. Thirdly, parents of elementary and secondary school students perceive that there is not enough time for 'Informatics' education, and both elementary and secondary parents perceive securing teachers with professional competence as a leading factor for stable settlement of 'Informatics' education in the public education field. In this study, we suggested stable settlement plans in the public education field based on the analysis results.

Research on Education and Training of the Analyzer for Security Enhancement of SW Vulnerability (SW 취약점의 보안성 강화를 위한 진단원의 교육 양성 연구)

  • Kim, Seul-gi;Park, Dea-woo
    • Journal of the Korea Institute of Information and Communication Engineering / v.21 no.5 / pp.945-950 / 2017
  • Due to the vulnerability of software, there are hacking attacks on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, and conduct a pilot test of diagnostic staff. The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting a curriculum and diagnosis guide to train the software vulnerability examiner.

Determinants Affecting Organizational Open Source Software Switch and the Moderating Effects of Managers' Willingness to Secure SW Competitiveness (조직의 오픈소스 소프트웨어 전환에 영향을 미치는 요인과 관리자의 SW 경쟁력 확보의지의 조절효과)

  • Sanghyun Kim;Hyunsun Park
    • Information Systems Review / v.21 no.4 / pp.99-123 / 2019
  • The software industry is a high value-added industry in the knowledge information age, and its importance is growing as it not only plays a key role in knowledge creation and utilization, but also secures global competitiveness. Among the various SW available in today's business environment, Open Source Software (OSS) is rapidly expanding its activity area by not only leading software development, but also integrating with new information technology. Therefore, the purpose of this research is to empirically examine and analyze the effect of factors on the switching behavior to OSS. To accomplish the study's purpose, we suggest a research model based on the "Push-Pull-Mooring" framework. This study empirically examines the two categories of antecedents for switching behavior toward OSS. The survey was conducted with employees at various firms that had already switched to OSS. A total of 268 responses were collected and analyzed by using structural equation modeling. The results of this study are as follows: first, continuous maintenance cost, vendor dependency, functional indifference, and SW resource inefficiency are significantly related to the switch to OSS. Second, network-oriented support, testability and strategic flexibility are significantly related to the switch to OSS. Finally, the results show that willingness to secure SW competitiveness has a moderating effect on the relationships between push factors and pull factors, with the exception of improved knowledge, and the switch to OSS. The results of this study will contribute to fields related to OSS both theoretically and practically.