system_article's People
system_article's Issues
Machine Learning in Network Centrality Measures: Tutorial and Outlook
cite
@article{grando2018machine,
title={Machine learning in network centrality measures: Tutorial and outlook},
author={Grando, Felipe and Granville, Lisandro Z and Lamb, Luis C},
journal={ACM Computing Surveys (CSUR)},
volume={51},
number={5},
pages={1--32},
year={2018},
publisher={ACM New York, NY, USA}
}
Grando, Felipe, Lisandro Z. Granville, and Luis C. Lamb. "Machine learning in network centrality measures: Tutorial and outlook." ACM Computing Surveys (CSUR) 51.5 (2018): 1-32.
Building resilient medical technology supply chains with a software bill of materials
A network perspective on the visualization and analysis of bill of materials
https://journals.sagepub.com/doi/10.1177/1847979017732638
Cinelli M, Ferraro G, Iovanella A, Lucci G, Schiraldi MM. A network perspective on the visualization and analysis of bill of materials. International Journal of Engineering Business Management. 2017;9. doi:10.1177/1847979017732638
Measuring OSS Quality through Centrality
https://dl.acm.org/doi/abs/10.1145/1370114.1370131
@inproceedings{hossain2008measuring,
title={Measuring OSS quality trough centrality},
author={Hossain, Liaquat and Zhou, David},
booktitle={Proceedings of the 2008 international workshop on Cooperative and human aspects of software engineering},
pages={65--68},
year={2008}
}
A Viewpoint on Knowing Software Bill of Materials Quality When You See It
Applying Centrality Measures to the Behavior Analysis of Developers in Open Source Software Community
https://ieeexplore.ieee.org/document/6382850
@inproceedings{he2012applying,
title={Applying centrality measures to the behavior analysis of developers in open source software community},
author={He, Peng and Li, Bing and Huang, Yuan},
booktitle={2012 Second International Conference on Cloud and Green Computing},
pages={418--423},
year={2012},
organization={IEEE}
}
Toward a Reference Architecture for Software Supply Chain Metadata Management
A software vulnerability detection method based on deep learning with complex network analysis and subgraph partition
https://www.sciencedirect.com/science/article/abs/pii/S0950584923001830
Bibtex
@article{cai2023software,
title={A software vulnerability detection method based on deep learning with complex network analysis and subgraph partition},
author={Cai, Wenjing and Chen, Junlin and Yu, Jiaping and Gao, Lipeng},
journal={Information and Software Technology},
volume={164},
pages={107328},
year={2023},
publisher={Elsevier}
}
Electrical centrality measures for electric power grid vulnerability analysis
https://ieeexplore.ieee.org/abstract/document/5717964
@inproceedings{wang2010electrical,
title={Electrical centrality measures for electric power grid vulnerability analysis},
author={Wang, Zhifang and Scaglione, Anna and Thomas, Robert J},
booktitle={49th IEEE conference on decision and control (CDC)},
pages={5792--5797},
year={2010},
organization={IEEE}
}
S3C2 Summit 2023-06: Government Secure Supply Chain Summit
SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties
k
Profile of Vulnerability Remediations in Dependencies Using Graph Analysis
-
この論文が扱う分野・トピックは何か? (一般向け)
- 代表的な既存研究はあるか?
- OSSの依存関係と脆弱性をテーマに扱う
- 代表的な既存研究はあるか?
-
この論文が扱う分野・トピックは何か? (専門家向け)
- もう少し具体的に
- あるソフトウェアに脆弱性が発生したときに、対策のため、バージョンアップを行いたい。
- そのとき、バージョンアップしたときにソフトウェアが動かなくなる。脆弱性を取り除くことと、ソフトウェアの可用性がトレードオフ関係になっている
- 新しいバージョンに移行しようとすると、時にはエラーが発生したり、アプリケーションのコンパイルが拒否されたり、実行時に誤った機能が実行されたりすることがある。
- 脆弱性の影響を最小限に抑えながら、どのようにソフトウェアをアップデートするべきか?がわからない
- もう少し具体的に
-
どんなもの?
-
この研究ではどんなことが未解決で何を対象としているか?リサーチクエスチョンは何か?
脆弱性とバージョンアップによるソフトウェアの破壊、両方の被害を最小限に抑え、ソフトウェアを修正されたバージョンへアップデートするための情報の取得- なぜこの研究がやったのか?なぜ必要か?それを解決すると誰が幸せになるか?
- なぜいま、その問題に取り組むのか?なぜ、先人たちはそれができなかったのか?
- 今までは、膨大なソフトウェアの構成情報やそれに付随する脆弱性の情報の取得が困難だった。
- 現在では、静的解析、動的解析ツールによる脆弱性検知、SCAツールによるソフトウェアの構成情報やその脆弱性の情報の取得が容易になってきた
-
この論文の結果は何か?
-
先行研究、従来手法と比較してなにがすごいか?
- CVSS
- SSVC
- なんか特許
- 論文
-
どうやって、課題を解決したか?
コード内の関数間をグラフによって関係づける- 過去の何を受け継いでそのアイデアに到達したのか?
- Control Flow Graph
- GAT
- 中心性
- どこに、なにがあればそのアイデアを実現できるのか?
- 実現のためのスキルは他の人が到達しにくいものか?難易度はどうか?
- 過去の何を受け継いでそのアイデアに到達したのか?
-
結果をより一般的な内容へ
-
技術や手法のキモはどこ?
-
どうやって有効だと検証した?
-
議論はある?
-
一般向けに解釈があれば
-
次読むべき論文は?
Sigstore: Software Signing for Everybody
An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead
Vocabraly
-
practitioner
- a person who works in a profession, especially medicine or law
- how practitioners perceive SBOMs SBOMをどのように認識しているか
-
readiness
-
何かの準備段階にあること
-
readiness (for something) the state of being ready or prepared for something
-
imminent adjective
- (especially of something unpleasant) likely to happen very soon
- すぐに起こりそうな
- imminent issues
-
unveil verb
- 明らかにする
- unveil something to remove a cover or curtain from a painting, statue, etc. so that it can be seen in public for the first time
-
broaden
- 広がる
- to become wider
-
deepen
- 深くなること
A network perspective for the analysis of bill of material
@article{cinelli2020network,
title={A network perspective for the analysis of bill of material},
author={Cinelli, Matteo and Ferraro, Giovanna and Iovanella, Antonio and Lucci, Giulia and Schiraldi, Massimiliano M},
journal={Procedia CIRP},
volume={88},
pages={19--24},
year={2020},
publisher={Elsevier}
}
A novel centrality measure for network-wide cyber vulnerability assessment
https://ieeexplore.ieee.org/abstract/document/7568924
@inproceedings{sathanur2016novel,
title={A novel centrality measure for network-wide cyber vulnerability assessment},
author={Sathanur, Arun V and Haglin, David J},
booktitle={2016 IEEE Symposium on Technologies for Homeland Security (HST)},
pages={1--5},
year={2016},
organization={IEEE}
}
On the Way to SBOMs: Investigating Design Issues and Solutions in Practice
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.