References
- I. V. Krsul, "Software vulnerability analysis," PhD dissertation, Purdue University, West Lafayette, IN, USA. Advisor: E. H. Spafford, 1998.
- A. Ozment, "Improving vulnerability discovery models," in Proceedings of the 2007 ACM Workshop on Quality of Protection, New York, pp. 6-11, 2007.
- J.A. Wang, M. Guo, H. Wang, M. Xia and L. Zhou, "Environmental Metrics for Software Security Based on a Vulnerability Ontology," in Proceedings of the third IEEE International Conference on Secure Software Integration and Reliability Improvement, pp. 159-168, 2009.
- R. Kissel, "Glossary of Key Information Security Terms," NIST IR 7298, 2006.
- C.P. Pfleeger and S.L. Pfleeger, Security in Computing. 3rd ed., Prentice Hall PTR, 2003.
- W.R. Cheswick and S.M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA: Addison-Wesley, 1994.
- E.E. Schultz Jr., D.S. Brown and T.A. Longstaff, "Responding to Computer Security Incidents," Lawrence Livermore National Laboratory, 1990.
- K. Otwell and B. Aldridge, "The role of vulnerability in risk management," in Proceedings of Computer Security Applications Conference, pp. 32-38, 1989.
- H. Mayerfeld, "Definition and Identification of Assets as The Basis for Risk Management," in Proceedings of 1988 Computer Security Risk Management Model Builders Workshop, pp. 21-34, 1988.
- N. Lewis, "Using Binary Schemas to Model Risk Analysis," in Proceedings of 1988 Computer Security Risk Management Model Builders Workshop, pp. 35-48, 1988.
- D. Snow, "A General Model for the Risk Management of ADP Systems," in Proceedings of 1988 Computer Security Risk Management Model Builders Workshop, pp. 145-162, 1988.
- IEEE standard glossary of software engineering terminology, IEEE Standard 610.12-1990, 1990.
- S. Frei, "Security Econometrics - The Dynamics of (In)Security," Ph.D. dissertation, ETH Zurich, ISBN 1-4392-5409-5, 2009.
- Y.P. Breukers, "The Vulnerability Ecosystem: Exploring vulnerability discovery and the resulting cyberattacks through agent-based modelling," M.S. Thesis, Delft University of Technology, Aug. 22, 2016.
- H. Joh and Y. K. Malaiya, "Defining and Assessing Quantitative Security Risk Measures Using Vulnerability Lifecycle and CVSS Metrics," in Proceedings of the 2011 International Conference on Security and Management, pp. 10-16, 2011.
- J. Radianti, E. Rich, and J. Gonzalez, "Vulnerability black markets: Empirical evidence and scenario simulation," in Proceedings of the 42nd Hawaii International Conference on System Sciences, pp. 1-10, 2009.
- G. Schryen, "Security of open source and closed source software: An empirical comparison of published vulnerabilities," in Proceedings of the 15th Americas Conference on Information Systems, 6-9 Aug., 2009.
- O. Alhazmi, Y.K. Malaiya and I. Ray, "Security vulnerabilities in software systems: A quantitative perspective," Lecture Notes in Computer Science of Data and Applications Security XIX, vol. 3654, pp. 281-294, 2005.
- O. Alhazmi and Y.K. Malaiya, "Application of Vulnerability Discovery Models to Major Operating Systems," IEEE Transactions on Reliability, vol. 57, pp. 14-22, 2008. https://doi.org/10.1109/TR.2008.916872
- J. Kim, Y.K. Malaiya and I. Ray, "Vulnerability Discovery in Multi-Version Software Systems," in Proceedings of the 10th IEEE High Assurance Systems Engineering Symposium, Washington, DC, USA, pp. 141-148, 2007.
- O. Alhazmi and Y.K. Malaiya, "Prediction Capabilities of Vulnerability Discovery Models," in Proceedings of Reliability and Maintainability Symposium, pp. 86-91, 2006.
- T. Zimmermann, N. Nagappan and L. Williams, "Searching for a Needle in a Haystack: Predicting Security Vulnerabilities for Windows Vista," in Proceedings of the 2010 Third International Conference on Software Testing, Verification and Validation, pp.421-428, 2010.