Journal of Information Security Research (信息安全研究), 2024, Vol. 10, Issue 9: 862-869 (8 pages). DOI: 10.12379/j.issn.2096-1057.2024.09.11
Research on Risk Analysis of Open-source Software Supply Chain Security (开源软件供应链安全风险分析研究)
Abstract
Open-source software has become one of the most fundamental elements supporting the operation of the digital society, and it has permeated a wide range of industries and fields. As the open-source software supply chain grows more complex and diversified, the risks posed by security attacks on it are also intensifying. This paper summarizes the current development of the open-source software supply chain ecosystem and the strategic layout of open-source software supply chain security in major countries. From the dimensions of development security, usage security, and operation security, it proposes a risk analysis system for open-source software supply chain security and identifies the major security risks the open-source software supply chain currently faces. It further constructs a security assurance model for the open-source software supply chain and offers countermeasures and suggestions for the security and development of China's open-source software supply chain from the dimensions of supply chain phases, relevant entities, and safeguard measures.
Keywords
network security / software security / open-source software / software supply chain / open-source software supply chain security
Classification
Information Technology and Security Science
Cite this article
Wang Jiang (王江), Jiang Wei (姜伟), Zhang Can (张璨). Research on Risk Analysis of Open-source Software Supply Chain Security [J]. Journal of Information Security Research, 2024, 10(9): 862-869.
Funding
National Social Science Fund of China project (23VRC094)
National Social Science Fund of China major project (22&ZD147)
National Key R&D Program of China (2021YFB3101300, 2021YFB3101302, 2021YFB3101305)