Last year, security vulnerabilities such as “Log4j” shook the world, and such vulnerabilities continue to increase; hacking attacks such as targeted ransomware are also increasing steeply. Software security is being emphasized more than ever as more companies use open source software (OSS) to speed up development and services in line with digital transformation (DT).
Heejo Lee, Director of Korea University’s CSSA Research, emphasized online, during the opening of the IOTCUBE conference on August 26th, 2022, that a safe development methodology should be implemented from the development stage. The CSSA was established in June 2015 by 4 countries (South Korea, the United States of America, the United Kingdom, and Switzerland) for international joint research.
Heejo Lee explains that “to get security verification or approval globally, we need to manage security vulnerabilities from the development stage and show that we applied a safe development methodology”, adding, “to pass international standards or regulations, we need to establish a vulnerability management system.”
As an alternative, Heejo Lee suggested IOTCUBE, an automatic vulnerability analysis platform. Anyone, including non-security experts, can use this platform to analyze and identify software vulnerabilities. Not only is it easily accessible via a website, but it can also analyze vulnerabilities in network and binary software through “Drag & Drop”.
Since its release in 2016, over 1 million vulnerabilities have been discovered through the platform and around 20,000 people in 141 countries have used it.
Professor Lee, Head of Research, said “IOTCUBE has been created so that even non-security experts can easily use it” and “it is expanding its application targets to blockchain and open source in the future”.
CSSA also offers the IOTCUBE Labrador business solution to various industries such as defense, telecom and finance. This platform automatically generates an SBOM, analyzes software risks and offers a response plan.
Finally, Professor Lee said with conviction, “Labrador has been considered outstanding in terms of detection accuracy and ease of use compared to international tools” and “We should be prepared, in advance, to tackle vulnerabilities within currently trending topics: SBOM and OSS”.
Translation from original article (Korean) :