工业信息安全 (Industrial Information Security), 2024, Issue (1): 13-18.

Outlook on Security of Open Source Software Supply Chain

洪晟¹, 易哲凯²

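Author information

  • 1. School of Cyberspace Security, Beihang University, Beijing 100191
  • 2. College of Computer and Information Science / College of Software, Southwest University, Chongqing 400715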

Abstract

With the progress and development of science, the ICT (Information and Communication Technology) supply chain plays an increasingly important role in daily life and production. The open source software supply chain is one link in it and an important foundation for all kinds of critical information infrastructure. At the same time, the software supply chain is becoming more complex and diverse, and its security risks keep growing, drawing increasing attention from both academia and industry. This paper first analyzes the security problems in the open source software supply chain from two aspects: software usage and software attacks. It then surveys research at home and abroad and summarizes the state of development in three areas: software bill of materials technology, software supply chain security detection technology, and software data security protection technology. Finally, it proposes security measures that should be taken at each stage of open source software development and use, in order to comprehensively safeguard the security of the open source software supply chain.

Key words

Open Source Software / Software Supply Chain / Security Issues


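Funding

National Key Research and Development Program (2022YFB3103602)

Ministry of Industry and Information Technology Major Special Project for Industrial Foundation Reconstruction and High-Quality Development of Manufacturing (0747-2361SCCZA193)

Ministry of Industry and Information Technology Major Special Project for Industrial Foundation Reconstruction and High-Quality Development of Manufacturing (0747-2361SCCZA194)

Beijing Natural Science Foundation - Haidian Original Innovation Joint Fund (L222005)

Beihang University Graduate Quality Course Construction Project (403918)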

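Year of publication

2024
工业信息安全 (Industrial Information Security)
National Industrial Information Security Development Research Center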


ISSN:2097-1176
Number of references: 9