Emerging Trends in Supply Chain Security
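Overview
SBOM Trends for OSS Traceability
Review of KIISC (정보보호학회지), 2022.10
Authors: 김선우, 손경호
Open-Source Software Vulnerability Management Techniques for Supply Chain Security
Review of KIISC (정보보호학회지), 2022.10
Authors: 홍현지, 우승훈, 이희조
노수지, Open-Source Software Supply Chain Security, seminar (April 3, 2023)
Photos
Presentation slides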
Tools
FOSSLight
Open Source Security Index
Microsoft sbom-tool
npm-sbom
Vulnerable Code Clone(VCC) Discovery
The Vulnerability Fix Flow from the origin to its patch
MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components
31st USENIX Security (2022)
Authors: Seunghoon Woo, Hyunji Hong, Eunjin Choi, and Heejo Lee
A token-based approach using the sliding window technique
ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions
IEEE Symp. on Security and Privacy (SP), 2012
Authors: Jiyong Jang; Abeer Agrawal; David Brumley
A function-level scalable technique
VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
IEEE Symp. on Security and Privacy (SP), 2017
Authors: Seulbae Kim; Seunghoon Woo; Heejo Lee; Hakjoo Oh
A Code-Property Graph (CPG) based VCC discovery technique
VGRAPH: A Robust Vulnerable Code Clone Detection System Using Code Property Triplets
IEEE Symp. on Security and Privacy (SP), 2020
Authors: Benjamin Bowman; H. Howie Huang
Approaches to detect vulnerable codes using machine learning algorithms
VulDeePecker: A Deep Learning-Based System for Vulnerability Detection
IEEE Symp. on Security and Privacy (SP), 2012
Authors: Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong
VulPecker: An automated vulnerability detection system based on code similarity analysis
ACM Conf. on Computer Security Application (ACSAC), 2016
Authors: Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Hanchao Qi, and Jie Hu
VulDBGen
CPG Code Property Graph (Wiki)