Emerging Trends in Supply Chain Security

• 개요
• OSS 추적성을 위한 SBOM 동향 정보보호학회지(2022.10)
  Authors: 김선우, 손경호
• 공급망 보안을 위한 오픈소스 소프트웨어 취약점 관리 기술 정보보호학회지(2022.10)
  Authors: 홍현지, 우승훈, 이희조
• 노수지, 오픈소스 소프트웨어 공급망 보안, 세미나(2023년 04월 03일) 사진 발표 자료
• Tools
• FOSSLight
• Open Source Security Index
• Microsoft sbom-tool
• npm-sbom
• Vulnerable Code Clone(VCC) Discovery
• The Vulnerability Fix Flow from the origin to its patch
• MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components 31st Usenix Security (2022)
  Authors: Seunghoon Woo, Hyunji Hong, Eunjin Choi, and Heejo Lee
• A token-based approach using the slicing window technique
• ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions IEEE Symp. on Security and Privacy (SP), 2012
  Authors: Jiyong Jang; Abeer Agrawal; David Brumley
• A function-level scalable technique
• VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery IEEE Symp. on Security and Privacy (SP), 2017
  Authors: Seulbae Kim; Seunghoon Woo; Heejo Lee; Hakjoo Oh
• A Code-Property Graph (CPG) based VCC discovery technique
• VGRAPH: A Robust Vulnerable Code Clone Detection System Using Code Property Triplets IEEE Symp. on Security and Privacy (SP), 2020
  Authors: Benjamin Bowman; H. Howie Huang
• Approaches to detect vulnerable codes using machine learning algorithms
• VulDeePecker: A Deep Learning-Based System for Vulnerability Detection IEEE Symp. on Security and Privacy (SP), 2012
  Authors: Zhen Li, Deqing Zou, Shouhuai Xu, Xinyu Ou, Hai Jin, Sujuan Wang, Zhijun Deng, and Yuyi Zhong
• VulPecker: An automated vulnerability detection system based on code similarity analysis ACM Conf. on Computer Security Application (ACSAC), 2016
  Authors: Zhen Li, Deqing Zou, Shouhuai Xu, Hai Jin, Hanchao Qi, and Jie Hu
• VulDBGen