• Title/Summary/Keyword: SW Secure Development

Search Result 23, Processing Time 0.031 seconds

Determinants Affecting Organizational Open Source Software Switch and the Moderating Effects of Managers' Willingness to Secure SW Competitiveness (조직의 오픈소스 소프트웨어 전환에 영향을 미치는 요인과 관리자의 SW 경쟁력 확보의지의 조절효과)

  • Sanghyun Kim;Hyunsun Park
    • Information Systems Review
    • /
    • v.21 no.4
    • /
    • pp.99-123
    • /
    • 2019
  • The software industry is a high value-added industry in the knowledge information age, and its importance is growing as it not only plays a key role in knowledge creation and utilization, but also secures global competitiveness. Among various SW available in today's business environment, Open Source Software(OSS) is rapidly expanding its activity area by not only leading software development, but also integrating with new information technology. Therefore, the purpose of this research is to empirically examine and analyze the effect of factors on the switching behavior to OSS. To accomplish the study's purpose, we suggest the research model based on "Push-Pull-Mooring" framework. This study empirically examines the two categories of antecedents for switching behavior toward OSS. The survey was conducted to employees at various firms that already switched OSS. A total of 268 responses were collected and analyzed by using the structural equational modeling. The results of this study are as follows; first, continuous maintenance cost, vender dependency, functional indifference, and SW resource inefficiency are significantly related to switch to OSS. Second, network-oriented support, testability and strategic flexibility are significantly related to switch to OSS. Finally, the results show that willingness to secures SW competitiveness has a moderating effect on the relationships between push factors and pull factor with exception of improved knowledge, and switch to OSS. The results of this study will contribute to fields related to OSS both theoretically and practically.

Resource Estimation of Actosity Gold Mineralized Belt, Uzbekistan (우즈베키스탄 악토시티 금광화대 자원량 평가)

  • Chi, Se-Jung;Park, Sung-Won;Kim, In-Joon;Heo, Chul-Ho
    • Economic and Environmental Geology
    • /
    • v.47 no.2
    • /
    • pp.169-180
    • /
    • 2014
  • Surface geological and trench surveys and drilling exploration (total length, 1,100 m; 9 drill holes) were carried out to secure new Au ore bodies in the area($0.96km^2$) of Actosity gold field, where is located at the western Kuldjuktau mineralized district in the middle territory of Uzbekistan. Several Au ore bodies occurring as tabular or lens shapes with thickness of 0.5~35 m were newly discovered on the outcrops and extended to $N40{\sim}70^{\circ}\;W$ direction with dipping of $70{\sim}90^{\circ}$ SW or NE. Indicated ore resource of gold with Au grade of 0.25~3.52 mg/kg was newly estimated by 2,382 t(gold resource of 2.5 t) as a result of 9 drilling exploration in 2010~2012 from the Actosity gold field. Judging from the ore resources and Au grade of the Actosity gold field, economic potentiality of mining development seems to be low. Because of high possibility to secure new ore resources through more detailed exploration works from the Actosity area, the growth of econonic value will be expected by a mine of middle scale.

Research on Major Weakness Rules for Secure Software Development (소프트웨어 개발 보안성 강화를 위한 주요 보안약점 진단규칙 연구)

  • Bang, Jiho;Ha, Rhan
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38C no.10
    • /
    • pp.831-840
    • /
    • 2013
  • Recently, to enhance the security of software, static analysis tools for removing weaknesses, the cause of vulnerability, have been used a lot in the software development stage. Therefore, the tools need to have the rules being able to diagnose various weaknesses. Top 5 weaknesses found in the software developed by major domestic information projects from 2011 to 2012 is 76% of top 10 weaknesses per year. Software security can be improved a lot if top 5 weaknesses just are removed properly in software development. In this paper, we propose the PMD's rules for diagnosing the major weaknesses and present the results of its performance test.

Analysis of Metaverse Business Model and Ecosystem (메타버스 비즈니스 모델 및 생태계 분석)

  • Seok, W.H.
    • Electronics and Telecommunications Trends
    • /
    • v.36 no.4
    • /
    • pp.81-91
    • /
    • 2021
  • Recently, discussions on Metaverse, which represents the transcendent world, have been dominant for some time. Cases related to the Metaverse are introduced through various media and are continuously attracting attention as the next generation of the Internet. This study reviews the business model and the ecosystem overview, focusing on service cases related to the Metaverse. The widely used business models include content production and sales, media brokerage fee, and marketing fee. The Metaverse ecosystem is formed around games, with major players in game production, authoring tool & support SW, intelligent cloud service, and game platform expected to lead the market. Results show that a strategy to secure the leadership of the Metaverse, such as the business model expansion conditions, a strategy to foster a game-oriented Metaverse ecosystem, and technology development for the realization of the ultra-realistic Metaverse, is necessary.

A Study on Tools for Development of AI-based Secure Coding Inspection (AI 기반 시큐어 코딩 점검 도구 개발에 관한 연구)

  • Dong-Yeon Kim;Se-jin Kim;Do-Kyung Lee;Chae-Yoon Lee;Seung-Yeon Lim;Hyuk-Joon Seo
    • Annual Conference of KIPS
    • /
    • 2023.11a
    • /
    • pp.801-802
    • /
    • 2023
  • 시큐어 코딩은 해킹 등 사이버 공격의 원인인 보안 취약점을 제거해 안전한 소프트웨어를 개발하는 SW 개발 기법을 의미한다. 개발자의 실수나 논리적 오류로 인해 발생할 수 있는 문제점을 사전에 차단하여 대응하고자 하는 것이다. 그러나 현재 시큐어 코딩에는 오탐과 미탐의 문제가 발생한다는 단점이 있다. 따라서 본 논문에서는 오탐과 미탐이 발생하는 단점을 해결하고자 머신러닝 알고리즘을 활용하여 AI 기반으로 개발자의 실수나 논리적 오류를 탐지하는 시큐어 코딩 도구를 만들고자 한다. 다양한 모델을 사용하여 보안 취약점을 모아놓은 Juliet Test Suite를 전처리하여 학습시켰고, 정확도를 높이기 위한 과정 중에 있다. 향후 연구를 통해 정확도를 높여 정확한 시큐어 코딩 점검 도구를 개발할 수 있을 것이다.

A Study on Automatic Test Equipment Validation in the Realm of Defense (국방 분야 자동화시험장비 유효성 확인 방안에 관한 연구)

  • Pak, Se-Jin
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.21 no.9
    • /
    • pp.144-150
    • /
    • 2020
  • This study examined the current status of ATE in the development stage of the domestic guided weapons field, including the re-establishment of automatic test equipment (ATE), and attempted to develop methods to verify the validity of ATE in the defense sector. This study includes methods for confirming the repeatability and reproducibility of newly manufactured or replaced ATE. An error injection test is required for validation in the development phase. And pre-inspection steps are required for validation. When developing ATE, the use of an international standard testing script language ensures efficient validation and SW reliability. This ensures interoperability between the main and test equipment, and the tester can secure a test system platform that supports standardized testing methods, which is considered to be effective in validating specific ATE for each weapon system.

SW Convergence Strategy in Manufacturing/Service Industry : Software and Systems Product Line(SSPL) (제조/서비스 산업의 소프트웨어 융복합 전략 : 소프트웨어 및 시스템 프로덕트라인(SSPL))

  • Lee, Jihyun;Kee, Chang Jin;Kim, Deogtae;Kim, Changsun;Choi, Jongsup;Lee, Danhyung
    • Journal of Information Technology Services
    • /
    • v.11 no.4
    • /
    • pp.295-308
    • /
    • 2012
  • Software and Systems Product Line(SSPL) is a paradigm that has been developed and applied by European Union(EU) to achieve the productivity and competitiveness of EU industries on the world market. It is not just a simple system or software development methodology, but a sophisticated technology requiring capabilities for a high level of mass customization, platforms, processes and convergence of software and systems. EU has applied SSPL for the five selected industrial sectors including aerospace, automobile, medical equipment, consumer electronics and telecommunication equipment since 1990s and led the way to other industry sectors to stimulate the application of SSPL from 2006. In order for Korea to secure competitiveness in the manufacturing and service industries in the competitive borderless market, it is essential to gain the high level of capabilities for software development and convergence of software and systems. SSPL can be a powerful means to achieve this end. This paper discusses the paradigmatic concept of SSPL, how EU's major industries and companies have secured competitiveness through SSPL, key capabilities that are necessary for successful institutionalization of SSPL in Korea, and finally suggestions on core strategies to materialize the benefits of SSPL for Korea.

A Study on the Security Enhancement of the Industrial Control System through the Application of IEC 62443 Standards (IEC 62443 표준 적용을 통한 산업제어시스템 보안성 강화 연구)

  • Jin, Jungha;Kim, Juntae;Park, SangSeon;Han, Keunhee
    • Annual Conference of KIPS
    • /
    • 2021.11a
    • /
    • pp.280-283
    • /
    • 2021
  • SME(small and medium sized enterprise) 환경의 스마트공장 환경에서는 실제 제조라인에서 동작하는 센서(Sensor) 및 액추에이터(Actuator)와 이를 관리하는 PLC(Programmable Logic Controller), 더불어 그러한 PLC를 제어 및 관리하는 HMI(Human-Machine Interface), 그리고 다시 PLC와 HMI를 관리하는 OT(Operational Technology)서버로 구성되어 있으며, 제어자동화를 담당하는 PLC 및 HMI는 공장운영을 위한 응용시스템인 OT서버 및 현장 자동화를 위한 로봇, 생산설비와의 직접적인 연결을 수행하고 있어서 스마트공장 환경에서 보안 기술의 개발이 중점적으로 필요한 영역이다. 이러한 SME 환경의 스마트공장 보안 내재화를 이루기 위해서는, 스마트공장 SW 및 HW 개발 단계에서 IEC 62443-4-1 Secure Product Development Lifecycle에 따른 프로세스 정립 및 IEC 62443-4-2 Component 보안 요구사항과 IEC 62443-3-3 System 보안 요구사항에 적합한 개발 방법론의 도입이 필요하다.

How to Measure the Agglomeration Effects of Industrial Cluster : A Case Study of the FOODPOLIS ( KOREA NATIONAL FOOD CLUSTER ) (산업클러스터 효과 추정 방법에 관한 연구 : 국가식품클러스터조성사업 사례를 중심으로)

  • Kim, Jung-Wook;Kim, Suk-Young;Yang, Seung-Min
    • Journal of the Economic Geographical Society of Korea
    • /
    • v.15 no.1
    • /
    • pp.42-62
    • /
    • 2012
  • This paper suggests a genuine method to estimate the agglomeration effects of Industrial Cluster focusing on the FOODPOLIS (KOREA NATIONAL FOOD CLUSTER). In this study, we will focus on two issues related to the clustering effect. First, Clusters affect productivity, and a cluster allows companies to operate more productively in inputs; accessing technology, human resource, information, services, and needed institutions. Second, we assume that the effects of Industrial Cluster can be estimated from measurement on differency of an added value between large-scale enterprises and smaller ones. To demonstrate effectiveness of this approach, the estimated effect was compared with that from the related study (A Mini-Cluster). Industry Clusters have been considered as critical factors for regional competitiveness and economic revitalization. For this, the government and local government should find a way and strategy to provide useful contents that can attract the participation of firms and to secure strategic positioning and competition strategies.

  • PDF

Proposal : Improvement of Testing Frontier Capability Assessment Model through Comparing International Standards in Software Product and Software Testing Process Perspective (소프트웨어 제품과 프로세스 관점에서 국제표준과 비교를 통한 테스팅 프론티어 역량평가 모델 개선 방안)

  • Yoon, Hyung-Jin;Choi, Jin-Young
    • KIISE Transactions on Computing Practices
    • /
    • v.21 no.2
    • /
    • pp.115-120
    • /
    • 2015
  • The Testing Frontier Capability Assessment Model (TCAM) is based on ISO/IEC 9126, TMMi and TPI. Since ISO/IEC 9126, TMMi and TPI were made over 10 years ago, TCAM faces the problem that it can not assess and analyze the capability of small businesses that employ new software development methods or processes, for example Agile, TDD(Test Driven Development), App software, and Web Software. In this paper, a method to improve the problem is proposed. The paper is composed of the following sections: 1) ISO/IEC 9126, ISO/IEC 25010 and ISO/IEC/IEEE 29119 part 2 review 2) TCAM review 3) software product quality perspective comparison, and analysis between ISO/IEC 9126, ISO/IEC 25010 and TCAM 4) comparison, and analysis between ISO/IEC/IEEE 29119 part2 and TCAM and 5) proposal for the improvement of TCAM.