WEKO3
アイテム
Proposal of Open Source Software Security Risk Indicator Based on Vulnerability Management Interview
https://ipsj.ixsq.nii.ac.jp/records/241746
https://ipsj.ixsq.nii.ac.jp/records/2417468bc110f7-bedc-4b0d-85cb-ef5a223d5593
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6512006.pdf (1.1 MB)
2026年12月15日からダウンロード可能です。
|
Copyright (c) 2024 by the Information Processing Society of Japan
|
|
| 非会員:¥0, IPSJ:学会員:¥0, 論文誌:会員:¥0, DLIB:会員:¥0 | ||
| Item type | Journal(1) | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2024-12-15 | |||||||||||||||
| タイトル | ||||||||||||||||
| タイトル | Proposal of Open Source Software Security Risk Indicator Based on Vulnerability Management Interview | |||||||||||||||
| タイトル | ||||||||||||||||
| 言語 | en | |||||||||||||||
| タイトル | Proposal of Open Source Software Security Risk Indicator Based on Vulnerability Management Interview | |||||||||||||||
| 言語 | ||||||||||||||||
| 言語 | eng | |||||||||||||||
| キーワード | ||||||||||||||||
| 主題Scheme | Other | |||||||||||||||
| 主題 | [特集:社会的・倫理的なオンライン活動を支援するセキュリティとトラスト] vulnerability risk, open source software, software security | |||||||||||||||
| 資源タイプ | ||||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||||
| 資源タイプ | journal article | |||||||||||||||
| 著者所属 | ||||||||||||||||
| Graduate School of Engineering, Kobe University | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Intelligent Systems Laboratory, SECOM CO., LTD. | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| SIOS Technology, Inc. | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Faculty for Electrical Engineering, Mathematics and Computer Science, University of Twente | ||||||||||||||||
| 著者所属 | ||||||||||||||||
| Faculty of Environmental, Life, Natural Science and Technology, Okayama University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Graduate School of Engineering, Kobe University | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Intelligent Systems Laboratory, SECOM CO., LTD. | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| SIOS Technology, Inc. | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Faculty for Electrical Engineering, Mathematics and Computer Science, University of Twente | ||||||||||||||||
| 著者所属(英) | ||||||||||||||||
| en | ||||||||||||||||
| Faculty of Environmental, Life, Natural Science and Technology, Okayama University | ||||||||||||||||
| 著者名 |
Hiroki, Kuzuno
× Hiroki, Kuzuno
× Tomohiko, Yano
× Kazuki, Omo
× Jeroen, van der Ham
× Toshihiro, Yamauchi
|
|||||||||||||||
| 著者名(英) |
Hiroki, Kuzuno
× Hiroki, Kuzuno
× Tomohiko, Yano
× Kazuki, Omo
× Jeroen, van der Ham
× Toshihiro, Yamauchi
|
|||||||||||||||
| 論文抄録 | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | Open source software (OSS) has gained significant prominence in recent years. The security of OSS is a vital concern within information systems relying on OSS. When vulnerabilities are identified in OSS projects, previous security research has suggested approaches such as vulnerability classification, risk estimation, and exploitability analysis. Evaluating whether these vulnerabilities and the associated risks in the OSS development process pose security threats remains a complex challenge. In this study, through an interview survey on existing vulnerability management, we have determined the need for ongoing and automated countermeasures against attacks by comprehending OSS security risks based on the survey findings. We then evaluated the effectiveness of these countermeasures and proposed a security risk indicator for OSS to address these issues. The proposed method measures OSS security risk indicators by integrating vulnerability information with the development status of OSS. The suggested security risk indicator for OSS serves as a benchmark for security measures in the operation of information systems. In our evaluation, we evaluated the effectiveness of the proposed OSS security risk indicator in identifying threats from multiple OSS and assessed the computational cost associated with calculating OSS security risk indicators. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.1090 ------------------------------ |
|||||||||||||||
| 論文抄録(英) | ||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||
| 内容記述 | Open source software (OSS) has gained significant prominence in recent years. The security of OSS is a vital concern within information systems relying on OSS. When vulnerabilities are identified in OSS projects, previous security research has suggested approaches such as vulnerability classification, risk estimation, and exploitability analysis. Evaluating whether these vulnerabilities and the associated risks in the OSS development process pose security threats remains a complex challenge. In this study, through an interview survey on existing vulnerability management, we have determined the need for ongoing and automated countermeasures against attacks by comprehending OSS security risks based on the survey findings. We then evaluated the effectiveness of these countermeasures and proposed a security risk indicator for OSS to address these issues. The proposed method measures OSS security risk indicators by integrating vulnerability information with the development status of OSS. The suggested security risk indicator for OSS serves as a benchmark for security measures in the operation of information systems. In our evaluation, we evaluated the effectiveness of the proposed OSS security risk indicator in identifying threats from multiple OSS and assessed the computational cost associated with calculating OSS security risk indicators. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.32(2024) (online) DOI http://dx.doi.org/10.2197/ipsjjip.32.1090 ------------------------------ |
|||||||||||||||
| 書誌レコードID | ||||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 65, 号 12, 発行日 2024-12-15 |
|||||||||||||||
| ISSN | ||||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||||
| 公開者 | ||||||||||||||||
| 言語 | ja | |||||||||||||||
| 出版者 | 情報処理学会 | |||||||||||||||
