The Analysis of National Security Risk in Open Source Software Supply Chain

Journal of Information Security Reserach ›› 2021, Vol. 7 ›› Issue (9): 790-794.

Online:2021-09-13 Published:2021-09-13

开源软件供应链国家安全风险分析

齐越;刘金芳;李宁;

（中国网络安全审查技术与认证中心北京 100020）

通讯作者: 齐越
作者简介:齐越工程师，主要研究方向为信息通信、网络安全． qiy@isccc.gov.cn 刘金芳博士,助理研究员，主要研究方向为网络安全． liujf@isccc.gov.cn 李宁主要研究方向为网络安全． lin@isccc.gov.cn

Abstract

Abstract: Currently, open source software is widely used in network products, and open source has become an important part of the software supply chain, and its security and controllability issues have become increasingly prominent. Western countries' dominant advantages in open source organizations and open source project policies have a great impact on the security of china's corresponding network product supply chains. Starting from the cybersecurity review, this article combines the analysis results of the open source software code components to study and analyze the national security risks in the open source software supply chain,proposes suggestions for improving the safety management of open source software supply chain.

Key words: national security, cybersecurity review, open source software, supply chain, critical information infrastructure

摘要： 当前，网络产品中大量应用了开源软件，开源已成为软件供应链中的重要一环，其安全性和可控性问题日渐突出．西方国家对开源组织及开源项目政策上的主导优势，对我国相应网络产品供应链安全产生了极大影响．本文从网络安全审查工作出发，结合软件开源代码成分分析结果，对开源软件供应链存在的国家安全风险进行了研究和分析，提出完善开源软件供应链安全管理的建议．

关键词: 国家安全, 网络安全审查, 开源软件, 供应链, 关键信息基础设施

齐越, 刘金芳, 李宁, . 开源软件供应链国家安全风险分析[J]. 信息安全研究, 2021, 7(9): 790-794.

[1]	. Research on Security Risk Assessment of 5G Supply Chain [J]. Journal of Information Security Reserach, 2021, 7(9): 822-827.
[2]	. Research on 5G Supply Chain Security Risks and Countermeasures [J]. Journal of Information Security Reserach, 2021, 7(5): 423-427.
[3]	. the limitation of rasp technology in the protection of critical information infrastructure [J]. Journal of Information Security Research, 2021, 7(3): 250-256.
[4]	. Research on Outstanding Risks and Countermeasures Faced by Open Source Software Industry of China [J]. Journal of Information Security Reserach, 2021, 7(10): 973-.
[5]	. Research on 5G Supply Chain Security Under Global Digital Economy Strategic [J]. Journal of Information Security Research, 2020, 6(8): 688-693.
[6]	. Research on The Harm of Data Hegemony to Countries and Individuals and The Countermeasures [J]. Journal of Information Security Research, 2020, 6(5): 448-453.
[7]	. Overview of Current Situation of Critical Information Infrastructure Security Protection at Home and Abroad [J]. Journal of Information Security Research, 2020, 6(11): 0-0.
[8]	. A Survey of Research Work on Critical Information Infrastructure System Security Defense [J]. Journal of Information Security Research, 2020, 6(1): 14-24.
[9]	. Research on 5G Supply Chain Security Under Global Digital Economy Strategic [J]. Journal of Information Security Research, 2020, 6(1): 46-51.
[10]	. Research on Cybersecurity Certification System of Critical Information Infrastructure [J]. Journal of Information Security Research, 2019, 5(9): 847-850.
[11]	. Study on Evaluation Indicator System of Critical Information Infrastructure Protection Level [J]. Journal of Information Security Research, 2019, 5(6): 507-513.
[12]	. Research on Legal Problems of Deep Web [J]. Journal of Information Security Research, 2018, 4(7): 593-601.
[13]	. The Development of Digital Economy Urgently Needs to Strengthen the Protection of Critical Information Infrastructure [J]. Journal of Information Security Research, 2018, 4(5): 426-429.
[14]	. A Discussion of Information Security Detection Technology Under the Environment of Big Data [J]. Journal of Information Security Research, 2018, 4(5): 433-439.
[15]	. The Identification of Critical Information Infrastructure and the Enlightenment to China [J]. Journal of Information Security Research, 2017, 3(10): 0-0.