摘要
随着近几年的实战攻防演练的强度增加以及拍打力度的增强,源代码检测技术迄今为止仍是有待解决的重要问题。不同于软件缺陷,源代码漏洞更加难以识别和修复。文章从源代码安全的必要性、软件供应链安全的安全风险和不可控风险出发,重点阐述了源代码检测的技术原理、技术难点以及目前国产源代码的技术突破,同时对“安全左移”的具体落实提出建设性意见。
With the increase of the intensity of actual combat attack and defense drills in recent years and the strengthening of beating,source code detection technology is still an important problem to be solved so far.Different from bugs,vulnerabilities are more difficult to identify and repair.Starting from the necessity of source code security,security risk and uncontrollable risk of software supply chain security,this paper focuses on the technical principle and technical difficulties of source code detection,as well as the technical breakthrough of domestic source code at present,and puts forward constructive suggestions on the concrete implementation of“security left shift”.
作者
孙丽
Sun Li(Jiangsu Golden Shield Detection Technology Co.,Ltd.,Nanjing 210042,China)
出处
《无线互联科技》
2023年第8期158-161,共4页
Wireless Internet Technology
关键词
源代码安全
网络安全
软件供应链安全
源代码检测技术
安全左移
source code security
network security
software supply chain security
source code detection technology
safe left shift
