| 开源软件供应链安全问题研究 |
| |
| 作者姓名: | 李光杰 唐艺 易比一 张翔 何琰 |
| |
| 作者单位: | 国防科技创新研究院,国防科技创新研究院,国防科技创新研究院,国防科技创新研究院,国防科技创新研究院 |
| |
| 摘 要: | 当前,开源已经成为软件开发的重要模式之一。由于开源开发模式具有代码来源多样、依赖关系复杂等特点,使得开源软件面临代码漏洞风险、供应链攻击风险、知识产权风险、可持续维护风险等供应链安全问题,且问题呈现出快速增长态势。本文基于对开源软件供应链中的安全风险分析,提出从开源软件安全漏洞检测、软件成分分析、许可证冲突检测、开源生态可持续治理四个方面进行安全治理的方法,指出构建安全软件供应链面临依赖关系复杂、结构脆弱等挑战,对软件成分分析、供应链构建等未来研究方向进行了展望。
|
| 关 键 词: | 开源 许可证安全 供应链安全 软件漏洞 软件成分分析 |
| 收稿时间: | 2022/8/1 0:00:00 |
| 修稿时间: | 2023/1/18 0:00:00 |
Research on the Security of Open Source Software Supply Chain |
| |
| Authors: | Li Guangjie Tang Yi Yi Biyi Zhang Xiang and He Yan |
| |
| Affiliation: | National Innovation Institute of Defense Technology,National Innovation Institute of Defense Technology,National Innovation Institute of Defense Technology,National Innovation Institute of Defense Technology |
| |
| Abstract: | At present, open source software has become the mainstream of software development patterns. However, the code dependency of open source software is complex, and the security problems of software supply chain are growing rapidly. Open source software faces such security problems as code vulnerabilities, supply chain security, license compliance and so on. Based on the analysis of security risks in the open source software supply chain, this research first proposes a method of security governance from four aspects: open source software security vulnerability detection, software component analysis, license conflict detection and open source ecological sustainable governance. Next, it points out that the construction of security software supply chain is faced with complex dependency and fragile structure. Finally, it makes prospection on the future research directions of software component analysis and supply chain construction. |
| |
| Keywords: | open source license security supply chain security software bug software component analysis |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
|
