摘要
随着“震网”“NotPetya”“心脏滴血”“太阳风”等攻击事件的相继发生,软件供应链安全引起各国高度关注,而国家间竞争、地区冲突和全球性疫情等多种不利因素更加剧了对软件供应链安全生态的冲击,也对装备软件供应链安全提出严峻挑战。首先,从软件供应链全链条安全、软件源头把控、开源代码使用安全、软件供应链管控体系等几个方面入手,分析装备软件供应链面临的网络安全形势和安全风险。然后,从形成装备软件供应链的安全标准体系、安全监管体系、安全测评体系和安全技术体系等角度,提出相应对策措施,为装备软件供应链安全提供支持。
With the successive attacks of“Stuxnet”“NotPetya”“HeartBleed”“SolarWinds”etc.,the security of software supply chain has attracted great attention from all countries.Many adverse factors,such as competitions between countries,regional conflicts and global epidemics,intensifies the impact on the security ecology of software supply chain,and also poses severe challenges to the security of equipment software supply chain.First,the cyber security situation and security risks faced by the equipment software supply chain are analyzed from the aspects of the whole chain security of the software supply chain,the control of the software source,the use security of open source code,and the software supply chain management and control system.Then,from the perspective of forming the security standard system,security management system,security evaluation system and security technology system of equipment software supply chain,this paper puts forward corresponding countermeasures to support the security of equipment software supply chain.
作者
郭荣华
许世平
刘喆
王鹏
赵亚新
GUO Ronghua;XU Shiping;LIU Zhe;WANG Peng;ZHAO Yaxin(Unit 63891 of PLA,Luoyang Henan 471000,China)
出处
《信息安全与通信保密》
2023年第3期103-112,共10页
Information Security and Communications Privacy
关键词
软件供应链
网络安全
安全风险分析
安全对策
software supply chain
cyber security
security risk analysis
security countermeasure
