摘要
开源软件已经成为支撑数字社会正常运转的最基本元素之一,渗透到各个行业和领域.随着开源软件供应链越发复杂多元,开源软件供应链安全攻击事件造成的危害也越发严重.梳理了开源软件供应链生态发展现状和世界主要国家开源软件供应链安全战略布局,从开源软件开发安全、使用安全和运营安全维度,提出了开源软件供应链安全风险分析体系,给出当前开源软件供应链面临的主要安全风险,构建了开源软件供应链安全保障模型,并从供应链环节、相关主体和保障措施3个维度提出我国开源软件供应链安全与发展对策建议.
Open-source software has become one of the most fundamental elements that support the operation of the digital society.It has also been penetrated to various industries and fields.As the open-source software supply chain becomes increasingly complex and diversified,the risks caused by security attacks on the open-source software supply chain are also intensified.This paper summarizes the current development of the open-source software supply chain ecosystem and the strategic layout of open-source software supply chain security in major countries.From the dimensions of development security,usage security,and operation security,this paper proposes an open-source software supply chain security risk analysis system.It identifies the major security risks currently faced by the open-source software supply chain.Besides,this paper constructs a security assurance model for the open-source software supply chain and offers countermeasures and suggestions for the security and development of China's open-source software supply chain from the dimensions of supply chain phases,relevant entities,and safeguard measures.
作者
王江
姜伟
张璨
Wang Jiang;Jiang Wei;Zhang Can(Chinese Academyof Cyberspace Studies,Beijing 100048)
出处
《信息安全研究》
CSCD
北大核心
2024年第9期862-869,共8页
Journal of Information Security Research
基金
国家社科基金项目(23VRC094)
国家社科基金重大项目(22&ZD147)
国家重点研发计划项目(2021YFB3101300,2021YFB3101302,2021YFB3101305)。
关键词
网络安全
软件安全
开源软件
软件供应链
开源软件供应链安全
network security
software security
open-source software
software supply chain
open-source software supply chain security
