软件供应链安全隐患与防范措施
Overview of software supply chain security risks and countermeasures
张宏涛 1张超 2梁琼丹 3刘益志 3罗聪明4
作者信息
- 1. 广州新华学院,广东广州 510520
- 2. 广西交通职业技术学院,广西南宁 530023
- 3. 广州南方学院,广东广州 510520
- 4. 东莞理工学院,广东东莞 523000
- 折叠
摘要
[目的/意义]分析软件供应链安全的研究进展和前沿动态,旨在通过系统性的文献回顾和分析,揭示该领域的核心议题与研究空白,为后续研究提供指导与启示.[方法/过程]采用文献计量分析法,通过Web of Science数据库检索2000年至2023年的相关文献,筛选出与软件供应链安全相关的高质量论文.对文献内容进行分析,以识别研究趋势和关键主题.[结果/结论]分析结果揭示了软件供应链安全研究经历了初期的低谷后,自2020年起,学术文献发表量呈现显著增长,且增长趋势近似于立方级.研究热点主要集中在开源软件组件的漏洞管理、第三方软件包的安全性评估以及软件供应链的威胁建模.总结了软件供应链安全的主要风险点以及相应的防范与加固策略,为后续软件供应链安全领域研究提供参考和帮助.
Abstract
[Purpose/Significance]In order to analyze the research progress and frontier dynamics of software supply chain security,this paper aims to reveal the core issues and research gaps in this field through systematic literature review and analysis and provide guidance and enlightenment for subsequent research.[Method/Process]Using bibliometric analysis method,this study retrieves relevant literature from the Web of Science database spanning from 2000 to 2023.High-quality papers concerning software supply chain security are selected and analyzed to identify research trends and key themes.[Results/Conclusion]The analysis reveals that research on software supply chain security experienced a period of stagnation initially but has significantly surged since 2020,following a cubic growth trend.Research focuses primarily on vulnerability management of open-source software components,security assessment of third-party software packages,and threat modeling of software supply chains.The study summarizes the major risk points in software supply chain security and corresponding prevention and reinforcement strategies,providing insights and guidance for future research in this domain.
关键词
软件供应链安全/开源软件/软件包攻击/文献计量学/信息安全Key words
software supply chain security/open-source software/software package attack/bibliometric science/information security引用本文复制引用
基金项目
广东省重点建设学科科研能力提升项目(2022ZDTS152)
2022年度广西高校中青年教师科研基础能力提升项目(2022KY1128)
出版年
2024
NETL
NSTL
万方数据