Basic software is the cornerstone of the efficient and stable operation of computer systems, and it determines the level of development of digital infrastructure. The industrial chain of basic software, represented by operating systems, databases and middleware, occupies an upstream position in the entire software industry and directly determines the scale and efficiency of downstream output. Because of its long R&D cycles and large R&D investment, basic software has gradually attracted attention from various countries and risen to the level of national strategy as the software supply chain environment grows increasingly complex. In recent years, while China’s basic software industry has developed rapidly with the help of open source, many security incidents have occurred in the basic software supply chain, bringing risks and challenges. This paper reviews the current state of basic software supply chain security, analyzes the risks and challenges the basic software supply chain faces, and puts forward reasonable suggestions from four aspects: policy, industry, user and ecology.