• Journal of the Korea Society of Computer and Information
• /
• v.17 no.2
• /
• pp.127-137
• /
• 2012

Recently, as modern Internet uses mashups, Web 3.0, JavaScript/AJAX widely, the rate at which new vulnerabilities are being discovered is increasing rapidly. It can subsequently introduce big security threats. In order to efficiently mitigate these web application vulnerabilities and security threats, it is needed to rank vulnerabilities based on severity and consider the severe vulnerabilities during a specific phase of software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of OWASP Top 10 vulnerabilities is a reasonable one or not by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on OWASP Top-10 2010 list and CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of SDLC is associated with each vulnerability entry. Using this approach, we can prevent or mitigate web application vulnerabilities and security threats efficiently.

• The KIPS Transactions:PartD
• /
• v.11D no.3
• /
• pp.635-648
• /
• 2004

Extreme programming is the most representative methodology among agile software development methodologies that is agile in business environment which change fast. As software industry is matured, usability of software quality characteristics is emphasized gradually, but effort to obtain usability in extreme programming is insufficient. In this paper, three things lacked in extreme programming are reinforced. First, roles of user interface expert are defined. Second, usability testing method to extreme programming are introduced. Third, development process and products are proposed. The proposed plan is validated by four methods, which analyze supporting software development life cycle, analyze satisfaction of CMM key process areas, analyze satisfaction of CMM practices, and analyze development of green tea shopping mail. Green tea shopping mall is improved 23％ in the estimated running time, 21％ in the learnability. Also, usability is improved 18％ in the heuristic evaluation and 16％ in the questionnaire method.

• The KIPS Transactions:PartD
• /
• v.11D no.7 s.96
• /
• pp.1491-1498
• /
• 2004

Successful project planning relics on a good estimation of the manpower required to complete a project, together with the schedule options that may be available. Despite the extensive research done developing new and better models, existing software manpower estimation models are present only the total manpower or instantaneous manpower distribution according to the testing time for the software life-cycle. This paper suggests the manpower estimating models for software testing phase as well as testing process and debugging process in accordance with de-tected faults. This paper presents the polynomial model for effort based on testing and debugging faults. These models are verified by 5 different software project data sets with coefficient of determination and mean magnitude of relative error for adaptability of model.

• The KIPS Transactions:PartD
• /
• v.9D no.2
• /
• pp.259-266
• /
• 2002

The main issue in software development is the ability of software project effort and cost estimation in the early phase of software life cycle. The regression models for project effort and cost estimation are presented by function point that is a software sire. The data sets used to conduct previous studies are of ten small and not too recent. Applying these models to 789 project data developed from 1990 ; the models only explain fewer than 0.53 $R^2$(Coefficient of determination) of the data variation. Homogeneous group in accordance with project delivery rate (PDR) divides the data sets. Then this paper presents general effort estimation models using project delivery rate. The presented model has a random distribution of residuals and explains more than 0.93 $R^2$ of data variation in most of PDR ranges.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.3
• /
• pp.295-306
• /
• 2002

Successful project planning relies on a good estimation of the effort required to complete a project, together with the schedule options that may be available. Despite the extensive research done developing new and better models, existing software effort estimation models are present only the total effort and instantaneous effort function for the software life-cycle. Also, Putnam presents constant effort rate in each phase. However, the size of total effort are variable according to the software projects under the influence of its size, complexity and operational environment. As a result, the allocated effort in each phase also differ from project to project. This paper suggests the criteria for effort allocation in planning, specifying, building, testing and implementing phase followed by the project total effort. These criteria are derived from 183 different projects. This result can be considered as a practical guideline in management of project schedule and effort allocation.

• The KIPS Transactions:PartD
• /
• v.17D no.6
• /
• pp.443-452
• /
• 2010

COTS system is increasingly seen as one of the main jobs of reuse development. It involves reliability of COTS that might affect the project schedule or the quality of the software being developed and taking action to avoid these risks. The results of the COTS analysis should be documented in the project plan along with an analysis of the attribute and operation. Effective risk management makes it easier to cope with problems and to ensure that these do not lead to unacceptable budget or schedule slippage. This research provides criteria of analysis of risk items to the estimation of process milestone on COTS development.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2022.07a
• /
• pp.123-125
• /
• 2022

Git의 커밋 메시지는 프로젝트가 진행되면서 발생하는 각종 이슈 및 코드의 변경이력을 저장하고 관리하고 있기 때문에 소프트웨어 유지관리와 프로젝트의 생명주기와 밀접한 연관성을 갖고 있다. 이러한 Git의 커밋 메시지에 대한 정확한 분석 결과는 소프트웨어 개발 및 유지관리 활동 시, 시간과 비용의 효율적인 관리에 많은 영향을 끼치고 있다. 이에 대한 기존 연구로 Git에서 발생하는 커밋 메시지를 소프트웨어 유지관리의 세 가지 형태로 분류하고 매핑하여 정확한 분석을 시도하려는 연구가 진행되었으나, 최대 87%의 정확도를 제시한 연구 결과가 있었다. 이러한 연구들은 정확도가 낮아 실제 프로젝트의 개발 및 유지관리에 적용하기에는 위험성과 어려움이 있는 현실이다. 본 논문에서는 커밋 메시지 분류에 대한 선행 연구 조사를 통해 각 연구들의 프로세스와 특징을 추출하였고, 이를 이용한 분류 정확도를 높일 수 있는 커밋 복합 분류 모델에 대해 제안한다.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.9
• /
• pp.1191-1198
• /
• 2001

An increasingly important facet of software development is the ability to estimate the associate cost and effort of development early in the development life cycle. Most of the proposed models are based upon a combination of intuition, expert judgement, and regression analysis of empirical data. Overall, the work has failed to produce any single model that can be applied with a reasonable degree of success to a variety of environments. This paper presents a neural network (NN) model that related software development effort to software size measured in function element types. The heuristic approach is applied to decide the number of hidden neurons in NN from the relationship between input-output pairs. The research describes appropriate NN modeling in the context of a case study for 24 software development projects. Also, this paper compared the NN model with a regression analysis model and found the NN model has better accuracy.

• The Journal of the Korea Contents Association
• /
• v.2 no.4
• /
• pp.59-66
• /
• 2002

As for the software development, it is complicated, and size of software is growing larger. And contraction of a software development period is required acutely because it is short a period of software life cycle. Also, it becomes harder development and a maintenance because it is short a life cycle of developed software. According to this an effort is increased in order to reduce a development cost and time as using a component to have been implemented previously in development of software. A current component technology is developing into a very fast speed and is bringing a large change into development of a Web base system in addition to existing software development method. In this paper, we were handling a related technology for Web system development of a CBD base systematically and derived an issue to apply it to development of a Web system and presented an efficient practical use method of a component technology. First of all we looked into a component technology and a CBD methodology systematically and described a component technology in Web. Also, we proposed a method to increase development and efficiency of practical use of a Web system based on a component. The this study result can decrease a development cost of a Web system and a load of maintenance management through the re-use of a code.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04b
• /
• pp.367-369
• /
• 2002

소프트웨어 프로젝트의 경쟁력 프로젝트의 생명 주기 전반에 걸친 체계적인 관리를 통하여 유지될 수 있으며, 이러한 체계적인 관리는 경쟁력 있는 프로젝트의 개발 및 유지를 위한 하나의 전략적 기술(strategic technology)이다 본 논문에서는 프로젝트 생명 주기 전반에 걸쳐 프로젝트를 체계적이고 효율적으로 관리하여 고품질의 결과물을 생성하고, 이를 통한 결과물의 기술 및 시장 경쟁력을 높이기 위하여 당 연구부에서 개발하여 사용하고 있는 프로젝트 관리 및 지원도구인 SMART (Software Management Assistant and Reference Tool) 시스템을 소개한다.