WEKO3
アイテム
Visualization Method for Open Source Software Risk Related to Vulnerability and Developmental Status Considering Dependencies
https://ipsj.ixsq.nii.ac.jp/records/239370
https://ipsj.ixsq.nii.ac.jp/records/2393705b2376c4-4cbb-4efa-becc-5f9ae24f9a49
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6509016.pdf (5.0 MB)
2026年9月15日からダウンロード可能です。
|
Copyright (c) 2024 by the Information Processing Society of Japan
|
|
| 非会員:¥0, IPSJ:学会員:¥0, 論文誌:会員:¥0, DLIB:会員:¥0 | ||
| Item type | Journal(1) | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2024-09-15 | |||||||||
| タイトル | ||||||||||
| タイトル | Visualization Method for Open Source Software Risk Related to Vulnerability and Developmental Status Considering Dependencies | |||||||||
| タイトル | ||||||||||
| 言語 | en | |||||||||
| タイトル | Visualization Method for Open Source Software Risk Related to Vulnerability and Developmental Status Considering Dependencies | |||||||||
| 言語 | ||||||||||
| 言語 | eng | |||||||||
| キーワード | ||||||||||
| 主題Scheme | Other | |||||||||
| 主題 | [特集:サプライチェーンを安全にするサイバーセキュリティ技術] open-source software, vulnerability management, visualization | |||||||||
| 資源タイプ | ||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||
| 資源タイプ | journal article | |||||||||
| 著者所属 | ||||||||||
| Intelligent Systems Laboratory, SECOM CO., LTD. | ||||||||||
| 著者所属 | ||||||||||
| Graduate School of Engineering, Kobe University | ||||||||||
| 著者所属(英) | ||||||||||
| en | ||||||||||
| Intelligent Systems Laboratory, SECOM CO., LTD. | ||||||||||
| 著者所属(英) | ||||||||||
| en | ||||||||||
| Graduate School of Engineering, Kobe University | ||||||||||
| 著者名 |
Tomohiko, Yano
× Tomohiko, Yano
× Hiroki, Kuzuno
|
|||||||||
| 著者名(英) |
Tomohiko, Yano
× Tomohiko, Yano
× Hiroki, Kuzuno
|
|||||||||
| 論文抄録 | ||||||||||
| 内容記述タイプ | Other | |||||||||
| 内容記述 | In recent years, Open-source software (OSS) has become a mainstream technology essential to information systems. However, its secure application requires a comprehensive understanding of its various security risks. One of them is vulnerability risk. A vulnerability risk involves the discovery of a new vulnerability in the OSS in use, which must be immediately addressed by security administrators, such as software updates. On the other hand, developmental risks involve OSS that are not in active development. If the development of an OSS is stalled, an alternative OSS should be considered because newly identified vulnerabilities may not be fixed. Therefore, a specialized method is required to analyze vulnerability and developmental risks of OSS, while accounting for their dependencies. This paper proposes a method that identifies such security risks of OSS by extracting, linking, and visualizing the vulnerabilities, development status, and dependency information. The proposed method enables security administrators to check visualization results, identify OSS with security risks, and consider appropriate countermeasures. We experimentally evaluate the adequacy of the visualizations for the purpose of the identification of security risks, and calculate the processing time required to visualize the risks. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.767 ------------------------------ |
|||||||||
| 論文抄録(英) | ||||||||||
| 内容記述タイプ | Other | |||||||||
| 内容記述 | In recent years, Open-source software (OSS) has become a mainstream technology essential to information systems. However, its secure application requires a comprehensive understanding of its various security risks. One of them is vulnerability risk. A vulnerability risk involves the discovery of a new vulnerability in the OSS in use, which must be immediately addressed by security administrators, such as software updates. On the other hand, developmental risks involve OSS that are not in active development. If the development of an OSS is stalled, an alternative OSS should be considered because newly identified vulnerabilities may not be fixed. Therefore, a specialized method is required to analyze vulnerability and developmental risks of OSS, while accounting for their dependencies. This paper proposes a method that identifies such security risks of OSS by extracting, linking, and visualizing the vulnerabilities, development status, and dependency information. The proposed method enables security administrators to check visualization results, identify OSS with security risks, and consider appropriate countermeasures. We experimentally evaluate the adequacy of the visualizations for the purpose of the identification of security risks, and calculate the processing time required to visualize the risks. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.767 ------------------------------ |
|||||||||
| 書誌レコードID | ||||||||||
| 収録物識別子タイプ | NCID | |||||||||
| 収録物識別子 | AN00116647 | |||||||||
| 書誌情報 |
情報処理学会論文誌 巻 65, 号 9, 発行日 2024-09-15 |
|||||||||
| ISSN | ||||||||||
| 収録物識別子タイプ | ISSN | |||||||||
| 収録物識別子 | 1882-7764 | |||||||||
| 公開者 | ||||||||||
| 言語 | ja | |||||||||
| 出版者 | 情報処理学会 | |||||||||
