Abstract
With the progress and development of science, the ICT (Information and Communication Technology) supply chain plays an increasingly important role in daily life and production. The open source software supply chain is an integral part of it and an important foundation for various kinds of critical information infrastructure. At the same time, the software supply chain is gradually becoming more complex and diversified, its security risks are constantly increasing, and it is receiving growing attention from both academia and industry. This paper first analyzes the security issues in the open source software supply chain from two aspects: software usage and software attacks. It then surveys domestic and foreign research work and summarizes the state of development in three areas: software bill of materials (SBOM) technology, software supply chain security detection technology, and software data security protection technology. Finally, it proposes security measures that should be taken at each stage of open source software development and use, in order to comprehensively ensure the security of the open source software supply chain.
Authors
Hong Sheng (洪晟)
Yi Zhekai (易哲凯)
Affiliations: School of Cyber Science and Technology, Beijing University of Aeronautics and Astronautics, Beijing 100191; College of Computer and Information Science, School of Software, Southwest University, Chongqing 400715
Source
Industry Information Security (《工业信息安全》)
2024, No. 1, pp. 13-18 (6 pages)
Funding
National Key R&D Program of China [2022YFB3103602]
Ministry of Industry and Information Technology Major Special Project on Industrial Foundation Reconstruction and High-Quality Development of Manufacturing [0747-2361SCCZA193] and [0747-2361SCCZA194]
Beijing Natural Science Foundation "Haidian Original Innovation Joint Fund" [L222005]
Beijing University of Aeronautics and Astronautics Graduate Quality Course Construction Project [403918]
Keywords
Open Source Software
Software Supply Chain
Security Issues