KAIST Cyber Security Research Center (CSRC)
Shin, Kang sik Researcher
Recent open source vulnerabilities, represented by OpenSSL’s Heartbleed and the Apache Log4j vulnerabilities, have raised the importance of detecting open source vulnerabilities. To address open source vulnerability problems, open source vulnerability analysis tools (scanners) are attracting attention. More than 10 such tools, including WhiteSource and Snyk, are listed and introduced. We establish a number of criteria, such as supported programming languages or accessibility, and conduct quantitative and qualitative analysis on the selected tools.