Journal of Information Security Research ›› 2022, Vol. 8 ›› Issue (8): 831-.
苏仟, 赵娆
(Software Institute, National Industrial Information Security Development Research Center, Beijing 100043)
Abstract: At present, open source has become one of the best ways of organizing super-large-scale human intellectual collaboration and the "main battlefield" of technological innovation, and it is developing rapidly worldwide. At the same time, open source software has become a mature target for software supply chain attacks and faces risks including security vulnerabilities, intellectual property rights, and open source regulation. This paper analyzes the current security situation and risks of the open source software supply chain, proposes security solutions for open source software development, and offers suggestions for the development of the open source software supply chain.
Key words: open source, software supply chain, security vulnerability, property risk, open source regulation, security development solution
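苏仟, 赵娆. Security Risk Analysis and Development Suggestions for the Open Source Software Supply Chain [J]. Journal of Information Security Research, 2022, 8(8): 831-.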
URL: http://www.sicris.cn/EN/Y2022/V8/I8/831