Survey on Open-source Software Supply Chain Security

Cited by: 0
Authors
Ji S.-L. [1 ]
Wang Q.-Y. [1 ]
Chen A.-Y. [1 ]
Zhao B.-B. [2 ]
Ye T. [1 ]
Zhang X.-H. [1 ]
Wu J.-Z. [3 ]
Li Y. [4 ]
Yin J.-W. [1 ]
Wu Y.-J. [3 ]
Affiliations
[1] College of Computer Science and Technology, Zhejiang University, Hangzhou
[2] Binjiang Institute of Zhejiang University, Hangzhou
[3] Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing
[4] Shanghai Huawei Technologies Co. Ltd., Shanghai
Source
Ruan Jian Xue Bao/Journal of Software | 2023 / Vol. 34 / No. 03
Keywords
open-source software supply chain; risk identification; risk management; security hardening;
DOI
10.13328/j.cnki.jos.006717
CLC number
Subject classification number
Abstract
In recent years, the vigorous development of open-source software and modern software development and supply models have greatly facilitated the rapid iteration and evolution of open-source software, yielding increased social benefits. The emerging collaborative open-source development model has transformed the software development and supply process from a relatively linear path into a complex network structure. Within the complex and intertwined supply relationships of open-source software, the overall security risk has risen significantly, drawing increasing attention from the academic and industrial communities. This work defines a new open-source software supply chain model and, based on attacks that have occurred over the past decade, summarizes the threat model and security trends of the open-source software supply chain. For securing the open-source software supply chain, this work provides a systematic overview from the perspectives of risk identification and reinforced defense, and also highlights new challenges and opportunities. © 2023 Chinese Academy of Sciences. All rights reserved.
Pages: 1330 / 1364
Page count: 34