Abstract
Screening and identifying open-source supply-chain software is a prerequisite for software supply-chain security and a necessary means of helping users and enterprises select reliable software. Identifying the supply chain of an entire ecosystem is likewise an important way to study the ecosystem's characteristics and uncover hidden risks. By tracing the history of how different programming languages have managed external dependencies, this paper summarizes the four external-dependency management approaches in common use today and proposes a general algorithm for constructing open-source software supply chains; experiments demonstrate the effectiveness of the method.
Source
Computer Science and Application (《计算机科学与应用》), 2022, Issue 12, pp. 2958-2970 (13 pages)