{"id":231553,"links":{},"created":"2025-01-19T01:31:55.398720+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00231553","sets":["581:11107:11121"]},"path":["11121"],"owner":"44499","recid":"231553","title":["Proposal of Vulnerability Assessment Tool for Software Supply Chain Security"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-12-15"},"_buckets":{"deposit":"01983751-4c29-4d0f-af15-29d91babed20"},"_deposit":{"id":"231553","pid":{"type":"depid","value":"231553","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Proposal of Vulnerability Assessment Tool for Software Supply Chain Security","author_link":["625234","625233","625238","625232","625231","625230","625236","625237","625235","625239"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Proposal of Vulnerability Assessment Tool for Software Supply Chain Security"},{"subitem_title":"Proposal of Vulnerability Assessment Tool for Software Supply Chain Security","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:次世代デジタルプラットフォームにおける情報流通を支えるセキュリティとトラスト] vulnerability assessment, SBOM, software supply chain security, related products, knowledge graph","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2023-12-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Hitachi Ltd."},{"subitem_text_value":"Hitachi Ltd."},{"subitem_text_value":"Hitachi Ltd."},{"subitem_text_value":"Hitachi Ltd."},{"subitem_text_value":"Hitachi Ltd."}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Hitachi Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Hitachi Ltd.","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/231553/files/IPSJ-JNL6412011.pdf","label":"IPSJ-JNL6412011.pdf"},"date":[{"dateType":"Available","dateValue":"2025-12-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6412011.pdf","filesize":[{"value":"1.9 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"5"},{"tax":["include_tax"],"price":"0","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"3cd7252d-3f32-4b01-937e-1f264eb790f8","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Rajulapati, Shourya"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoko, Kumagai"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ashokkumar, C"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroki, Yamazaki"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hirofumi, Nakakoji"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Rajulapati, Shourya","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoko, Kumagai","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ashokkumar, C","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroki, Yamazaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hirofumi, Nakakoji","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Software supply chain attacks have become more prevalent due to attacker's higher skills and sophisticated attack methods. These attacks can go unnoticed for a long time and cause widespread damage. Therefore, monitoring all software products in the supply chain to detect these attacks is crucial. However, the software supply chain is complex, and tracking suspicious changes to third-party products, services, and libraries used to build software products can be challenging. This makes it difficult for developers to identify and confirm vulnerabilities in the software. Even one vulnerable file in the supply chain can have severe consequences if exploited, so regular vulnerability checks are necessary to keep software products safe. To address this issue, we propose a Vulnerability Assessment Tool that identifies newly found vulnerabilities from public databases and efficiently checks them in existing internal products. Our method uses a two-step process. The first step is estimating related products and directly affected products for a given CVE ID. The second step is a detailed check of the vulnerabilities in the system based on the results estimated in Step 1. This assessment method reduces the time the PSIRT Analyst requires to assess the vulnerabilities.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.31(2023) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.31.842\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Software supply chain attacks have become more prevalent due to attacker's higher skills and sophisticated attack methods. These attacks can go unnoticed for a long time and cause widespread damage. Therefore, monitoring all software products in the supply chain to detect these attacks is crucial. However, the software supply chain is complex, and tracking suspicious changes to third-party products, services, and libraries used to build software products can be challenging. This makes it difficult for developers to identify and confirm vulnerabilities in the software. Even one vulnerable file in the supply chain can have severe consequences if exploited, so regular vulnerability checks are necessary to keep software products safe. To address this issue, we propose a Vulnerability Assessment Tool that identifies newly found vulnerabilities from public databases and efficiently checks them in existing internal products. Our method uses a two-step process. The first step is estimating related products and directly affected products for a given CVE ID. The second step is a detailed check of the vulnerabilities in the system based on the results estimated in Step 1. This assessment method reduces the time the PSIRT Analyst requires to assess the vulnerabilities.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.31(2023) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.31.842\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2023-12-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"12","bibliographicVolumeNumber":"64"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"updated":"2025-01-19T10:43:37.908560+00:00"}