Kobe University Library Digital Archive
https://hdl.handle.net/20.500.14094/0100495954
Access count for this item: 50 (counted 2025-08-11 17:30)
Viewable files
File
0100495954 (fulltext)
Format
pdf
Size
4.77 MB
View count
25
Metadata
Metadata ID
0100495954
Access rights
open access
Publication type
Version of Record
Title
Visualization Method for Open Source Software Risk Related to Vulnerability and Developmental Status Considering Dependencies
Authors
Author name
Yano, Tomohiko
Author ID
A3179
Researcher ID
1000030882386
ORCID
0000-0003-2686-2541
KUID
https://kuid-rm-web.ofc.kobe-u.ac.jp/search/detail.html?systemId=912f4b3c221010bd520e17560c007669
Author name
Kuzuno, Hiroki
葛野, 弘樹
クズノ, ヒロキ
Affiliation
Graduate School of Engineering
Language
English
Source title
Journal of Information Processing
Volume (issue)
32
Pages
767-778
Publisher
Information Processing Society of Japan
Publication date
2024
Release date
2025-05-27
Abstract
In recent years, open-source software (OSS) has become a mainstream technology essential to information systems. However, its secure application requires a comprehensive understanding of its various security risks. One of them is vulnerability risk. A vulnerability risk involves the discovery of a new vulnerability in the OSS in use, which must be immediately addressed by security administrators, for example through software updates. On the other hand, developmental risks involve OSS that are not in active development. If the development of an OSS is stalled, an alternative OSS should be considered because newly identified vulnerabilities may not be fixed. Therefore, a specialized method is required to analyze vulnerability and developmental risks of OSS, while accounting for their dependencies. This paper proposes a method that identifies such security risks of OSS by extracting, linking, and visualizing the vulnerabilities, development status, and dependency information. The proposed method enables security administrators to check visualization results, identify OSS with security risks, and consider appropriate countermeasures. We experimentally evaluate the adequacy of the visualizations for the purpose of the identification of security risks, and calculate the processing time required to visualize the risks.
Keywords
open-source software
vulnerability management
visualization
Category
Graduate School of Engineering
Academic journal article
Rights
© 2024 by the Information Processing Society of Japan
The copyright of this material is retained by the Information Processing Society of Japan (IPSJ). This material is published on this web site with the agreement of the author(s) and the IPSJ. Please comply with the Copyright Law of Japan and the Code of Ethics of the IPSJ if any users wish to reproduce, make derivative work, distribute or make available to the public any part or whole thereof. All Rights Reserved, Copyright (C) Information Processing Society of Japan. Comments are welcome. Mail to address editj@ipsj.or.jp, please.
Related information
DOI
https://doi.org/10.2197/ipsjjip.32.767
Resource type
journal article
eISSN
1882-6652