• Journal of Multimedia Information System
• /
• v.8 no.4
• /
• pp.259-266
• /
• 2021

Security vulnerabilities have been reported in major design software systems such as Adobe Photoshop and Illustrator, which are recognized as de facto standard design tools in most of the design industries. Companies need to evaluate and manage their risk levels posed by those vulnerabilities, so that they could mitigate the potential security bridges in advance. In general, security vulnerabilities are discovered throughout their life cycles repeatedly if software systems are continually used. Hence, in this study, we empirically analyze risk levels for the three major graphical design software systems, namely Photoshop, Illustrator and GIMP with respect to a software vulnerability discovery model. The analysis reveals that the Alhazmi-Malaiya Logistic model tends to describe the vulnerability discovery patterns significantly. This indicates that the vulnerability discovery model makes it possible to predict vulnerability discovery in advance for the software systems. Also, we found that none of the examined vulnerabilities requires even a single authentication step for successful attacks, which suggests that adding an authentication process in software systems dramatically reduce the probability of exploitations. The analysis also discloses that, for all the three software systems, the predictions with evenly distributed and daily based datasets perform better than the estimations with the datasets of vulnerability reporting dates only. The observed outcome from the analysis allows software development managers to prepare proactively for a hostile environment by deploying necessary resources before the expected time of vulnerability discovery. In addition, it can periodically remind designers who use the software systems to be aware of security risk, related to their digital work environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.973-983
• /
• 2019

The importance of information security has been increasingly emphasized at the national, organizational, and individual levels due to the widespread adoption of software applications. High-safety software, which includes embedded software, should run without errors, similar to software used in the airline and nuclear energy sectors. Software development techniques in the above sectors are now being used to improve software security in other fields. Secure coding, in particular, is a concept encompassing defensive programming and is capable of improving software security. In this paper, we propose a software security vulnerability detection method using an improved coding standard searching technique. Public static analysis tools were used to assess software security and to classify the commands that induce vulnerability. Software security can be enhanced by detecting Application Programming Interfaces (APIs) and patterns that can induce vulnerability.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.945-950
• /
• 2017

Due to the vulnerability of the software, there is a hacking attack on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, pilot test of diagnostic staff, The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting curriculum and diagnosis guide to train the software vulnerability examiner.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.921-932
• /
• 2015

We proposed a new scoring system on software vulnerabilities, which calculates quantitatively the severity of software vulnerabilities. The proposed scoring system consists of metrics for vulnerability severity and scoring equations; the metrics are designed to measure the severity of a software vulnerability considering the prevalence of the vulnerability, the risk level of the vulnerability, the domestic market share of the software and the frequency of the software. We applied the proposed scoring system to domestically reported software vulnerabilities, and discussed the effectiveness of the scoring system, comparing it with CVSS and CWSS. We also suggested the prospective utilization areas of the proposed scoring system.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.75-78
• /
• 2005

Although many tests for stabilization of the software have been done, vulnerability test for a system run by combination of the software of various products has not been conducted enough. This has led to increased threats and vulnerability of system. Especially, web-based software system, which is public, has inherent possibility of exposure to attacks and is likely to be seriously damaged by an accident. Consequently, comprehensive and systematic test plans and techniques are required. Moreover, it is necessary to establish a procedure for managing and handling the results of vulnerability test. This paper proposes vulnerability test plans and designs for implementing automated tools, both of which can be complied with on web-based software systems.

• Journal of Korea Multimedia Society
• /
• v.18 no.2
• /
• pp.199-206
• /
• 2015

Since security vulnerabilities newly discovered in a popular Web browser immediately put a number of users at risk, urgent attention from developers is required to address those vulnerabilities. Analysis of characteristics in the Web browser vulnerabilities can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. So far, being a new research area, the quantitative aspects of the Web browser vulnerabilities and risk assessments have not been fully investigated. However, due to the importance of Web browser software systems, further detailed studies are required related to the Web browser risk assessment, using rigorous analysis of actual data which can assist decision makers to maximize the returns on their security related efforts. In this paper, quantitative software vulnerability analysis has been presented for major Web browsers with respect to the Common Vulnerability Scoring System. Further, vulnerability discovery trends in the Web browsers are also investigated. The results show that, almost all the time, vulnerabilities are compromised from remote networks with no authentication required systems. It is also found that a vulnerability discovery model which was originally introduced for operating systems is also applicable to the Web browsers.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.347-350
• /
• 2016

Analysis of vulnerability of the software for risk. The weakness of the software material, the importance of strengthening security in accordance with financial damage occurred is emerging. There is a potential risk factor not only from the case, the manufacturing to use the software company that appropriate to use a software business and personal risk of loss to size.In this paper due to diagnose and vulnerabilities in software, diagnosis, the curriculum and to cultivate a diagnostic guide, and security vulnerabilities in software.Proposal system for increased.

• Journal of Multimedia Information System
• /
• v.4 no.2
• /
• pp.57-64
• /
• 2017

Numerous software vulnerabilities have been found in the popular operating systems. And recently, robust linear behaviors in software vulnerability discovery process have been noticeably observed among the many popular systems having multi-versions released. Software users need to estimate how much their software systems are risk enough so that they need to take an action before it is too late. Security vulnerabilities are discovered throughout the life of a software system by both the developers, and normal end-users. So far there have been several vulnerability discovery models are proposed to describe the vulnerability discovery pattern for determining readiness for patch release, optimal resource allocations or evaluating the risk of vulnerability exploitation. Here, we apply a linear vulnerability discovery model into Windows operating systems to see the linear discovery trends currently observed often. The applicability of the observation form the paper show that linear discovery model fits very well with aggregate version rather than each version.

• Journal of Information Technology Applications and Management
• /
• v.27 no.6
• /
• pp.89-99
• /
• 2020

Cloud computing is rapidly increasing for achieving comfortable computing. Cloud computing has essentially security vulnerability of software and hardware. For achieving secure cloud computing, the vulnerabilities of cloud computing could be analyzed in a various and systematic approach from perspective of the service designer, service operator, the designer of cloud security and certifiers of cloud systems. The paper investigates the vulnerabilities and security controls from the perspective of administration, and systems. For achieving the secure operation of cloud computing, this paper analyzes technological security vulnerability, operational weakness and the security issues in an enterprise. Based on analysis, the paper suggests secure establishments for cloud computing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.969-974
• /
• 2014

CC (Common Criteria) requires collecting vulnerability information and analyzing them by using penetration testing for evaluating IT security products. Under the time limited circumstance, developers cannot help but apply vulnerability analysis at random to the products. Without the systematic vulnerability analysis, it is inevitable to get the diverse vulnerability analysis results depending on competence in vulnerability analysis of developers. It causes that the security quality of the products are different despite of the same level of security assurance. It is even worse for the other IT products that are not obliged to get the CC evaluation to be applied the vulnerability analysis. This study describes not only how to apply vulnerability taxonomy to IT security vulnerability but also how to manage security quality of IT security products practically.