Osmy: A Tool for Periodic Software Vulnerability Assessment and File Integrity Verification using SPDX Documents

Kishimoto, Rio; Kanda, Tetsuya; Manabe, Yuki et al.

Proceedings - 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2024, 2024, 445-449

Number of Access:3412025-09-03 05:21 Counts

Identifier to cite or link to this item: https://hdl.handle.net/11094/98115

Link to primary information 

File Format Terms of use Size Views Date.Available Description information
Proc-IEEEIntConfSoftwAnal,EvolReengineering,SANER_445 pdf None 496 KB 86 2024.09.20  

Item Information

Output File Export EndNote Basic Export Mendeley

Title
Osmy: A Tool for Periodic Software Vulnerability Assessment and File Integrity Verification using SPDX Documents
Creator
CreatorName
Kishimoto, Rio
NRID
1000090780726 1000090780726
researchmap permalink
t-kanda t-kanda
Scopus Author ID
55853578000 55853578000
CreatorName
Kanda, Tetsuya
NRID
1000020625339 1000020625339
CreatorName
Manabe, Yuki
NRID
1000020168438 1000020168438
Scopus Author ID
7601540520 7601540520
CreatorName
Inoue, Katsuro
NRID
1000070452414 1000070452414
ORCID
0000-0002-8278-8975 0000-0002-8278-8975
researchmap permalink
yoshiki.higo yoshiki.higo
Scopus Author ID
7004831134 7004831134
CreatorName
Higo, Yoshiki
Subject
SBOM
SPDX
vulnerability
Description
Kishimoto R., Kanda T., Manabe Y., et al. Osmy: A Tool for Periodic Software Vulnerability Assessment and File Integrity Verification using SPDX Documents. Proceedings - 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2024 , 445 (2024); https://doi.org/10.1109/SANER60148.2024.00052.
Abstract
Libraries have become integral to modern software development, yet their management often falls short, resulting in issues such as delayed responses to vulnerabilities. To address these issues, the use of a Software Bill of Materials (SBOM) is recommended. Despite the recommendation, there is a lack of tools supporting software management using SBOM. In this paper, we present 'Osmy', a tool designed to facilitate effective software management using SBOM in the SPDX format-one of the major SBOM formats. Osmy is designed to simplify and streamline SBOM-based software management for end users. It automates vulnerability assessment and file integrity verification, operating periodically to ensure continuous protection. Users receive timely notification of any identified issues, ensuring a proactive approach to software security. Osmy is available at https://github.com/higolab/Osmy.
Conference Information
Conference Name
IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)
Conference Sequence
2024
Conference Sponsor
IEEE
Conference Date
March 12th to March 15th, 2024
Conference Venue
Santa’s Hotel Santa Claus
Conference Place
Rovaniemi
Conference Country
Finland
Publisher
Institute of Electrical and Electronics Engineers Inc.
Source Title
Proceedings - 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2024
Page
445-449
Date of Issued
2024-07-16
Language
English
Handle URL
https://hdl.handle.net/11094/98115
PISSN
15345351
eISSN
26407574
Relation.isVersionOf
DOI (Publisher Version)
https://doi.org/10.1109/SANER60148.2024.00052
Access Rights
open access
CopyRight
© 2024 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
oaire:version
Accepted Manuscript
Category
会議発表論文 Conference Paper