Risk Identification in Open-source Software Supply Chains Based on AIGC
As a core component of the modern information industry, open-source software has significantly contributed to technology sharing, cost reduction, and socio-economic benefits, while profoundly influencing the ongoing development of information technology. However, as the open-source software ecosystem continues to expand, its supply chain relationships have become increasingly complex, leading to a notable rise in security risks. Thus, identifying and addressing risks within the open-source software supply chain have become particularly crucial. Through a comprehensive literature review and analysis, this paper systematically summarizes the typical risk points at various stages of the open-source software supply chain. It also provides an in-depth analysis of how Artificial Intelligence Generated Content (AIGC) technology can be applied to identify these risk points, offering new perspectives and methods for managing risks in the open-source software supply chain in the AI era.