@techreport{oai:ipsj.ixsq.nii.ac.jp:02001537,
 author = {峰岡,侑都 and 寺田,真敏 and Yuto Mineoka and Masato Terada},
 issue = {61},
 month = {Mar},
 note = {脆弱性報告の増加に伴い，IT資産の脆弱性管理の重要性が高まっている．脆弱性を悪用した被害を防ぐには，IT資産と脆弱性対策情報の迅速なマッチングが求められるが，現状は手作業で行われており，自動化が急務である．本稿では，自動化を実現するため，ベンダ，脆弱性対策データベース，IT資産を連携させる「製品辞書」の構築を検討する．特に，IT資産情報と脆弱性対策情報を結びつける製品識別子に着目し，PCから取得可能なソフトウェア情報を基に製品識別子を生成し，マッチングの課題を明らかにする．さらに，製品辞書の運用に向けたデータベースとインターフェイスの設計を提案する．, With the increase in vulnerability reports, vulnerability management of IT assets is becoming increasingly important. To prevent damage from vulnerability exploitation, rapid matching of IT assets and vulnerability information is required. However, this is currently done manually, and automation is urgently needed. This paper examines the construction of a “product dictionary” that links vendors, vulnerability countermeasure databases, and IT assets in order to achieve automation. In particular, we focus on product identifiers that link IT asset information and vulnerability countermeasure information, generate product identifiers based on software information that can be obtained from PCs, and clarify matching issues. Furthermore, we propose a database and interface design for the operation of the product dictionary.},
 title = {インベントリ情報から生成するソフトウェア識別子を用いたIT資産及び脆弱性管理手法の検討},
 year = {2025}
}