Abstract
In recent years, attacks on open-source software have grown rapidly and the harm they cause has become increasingly serious, making open-source software security governance an important international issue. As a supplier, contributor and leader in building the open-source ecosystem, the United States recognizes that open-source software is ubiquitous and that security risks come with it, and has elevated open-source software security governance to a key national priority, advancing open-source software security protection on multiple fronts, including national strategy, policies and regulations, and standards and guidelines. This paper analyses the US Summary of the 2023 Request for Information on Open-source Software Security and draws on the latest practices in US open-source software security governance, with a view to improving China's open-source security governance. It recommends improving China's open-source security governance in four areas: building a sound security risk management system for open-source software, raising domestic technology research and development capability, accelerating the construction of open-source ecosystem infrastructure, and strengthening China's voice in international open-source ecosystem building.
Authors
Deng Ruoyang, Zhao Ran, Zhang Dexin (China Software Testing Center (MIIT Software and Integrated Circuit Promotion Center), Beijing 100048; China Industrial Control Systems Cyber Emergency Response Team, Beijing 100040)
Source
Industry Information Security (工业信息安全), 2024, No. 5, pp. 6-11 (6 pages)
Keywords
Open-source Software
Open-source Software Security
Open-source Software Security Governance