참고문헌
- CVEdetails, https://www.cvedetails.com/
- GFI Blog, "2015's MVPs - The most vulnerable player"
- Microsoft, "Security Development Lifecycle", http://www.microsoft.com/en-us/sdl/
- Steve Lipner, Michael Howard, "The Trustworthy Computing Security Development Lifecycle", Microsoft Corporation, Mar 2005.
- NVD DB, https://nvd.nist.gov/
- Secunia, "Secunia Yearly Report 2011, Vulnerabilities Are Resilient", P.4-P.11, 2012.
- RedHat Security Blog, "The Source of Vulnerabilities, How Red Hat finds out about vulnerabilities", Oct 2014.
- Heartbleed bug, http://heartbleed.com/
- OpenSSL CCS Injection bug, http://ccsinjection.lepidum.co.jp/
- Trustwave, "Linux trailed Windows in patching zero-days in 2012, report says", 2012.
- Matthew Finifter, Devdatta Akhawe, and David Wagner, "An Empirical Study of Vulnerability Rewards Programs", 2013.
- Google, "Google Vulnerability Reward Program (VRP) Rules"
- Facebook, "Bug Bounty Program"
- Microsoft, "Microsoft Bounty Programs"
- LinkedIn's Security Blog, "LinkedIn's Private Bug Bounty Program: Reducing Vulnerabilities by Leveraging Expert Crowds"
- Samsung "SMART TV BUGBOUNTY PROGRAM"
- KISA, "S/W 신규 보안 취약점 신고 포상제"
- Line, "LINE Security Bug Bounty Program"
- We Do Hack, http://wedohack.appspot.com/
- HP Security Research Blog, "There and back again: a journey through bounty award and disclosure"
- 김형열.김태성, "취약점 마켓 도입 영향요인에 대한 탐색적 연구: 화이트해커 중심으로", 2016 한국경영정보학회 춘계학술대회, 한국경영정보학회, 2016.
- 홍준호, 유현우, "화이트 해커 양성 및 활성화 방안에 대한 연구", 한국법학회, 법학연구 제17권 제4호(통권 68호), 2017.
- Bugcrowd, "Vulnerability Disclosure & Bug Bounty Programs"
- HackerOne, "Bug Bounty, Vulnerability Coordination"
- Synack, "Penetration Testing & Private Bug Bounty"
- Cobalt Labs, "Cobalt Bug Bounty Program"
- Zerocopter, "Vulnerability Disclosure Policy"