Authors: CHEN Lina (陈丽娜); LIAO Xuan (廖璇); DONG Guohao (董国豪); GONG Xiangxiang (龚祥祥) (China Academy of Information and Communications Technology, Beijing 100191)
Source: 《软件》 (Software), 2025, Issue 1, pp. 53-55 (3 pages)
Abstract: In the context of globalization and digitization, third-party open source components have become the core driving force of software development, but they also bring serious supply chain security risks. Multiple major attack incidents, such as the Polyfill service being exploited by hackers to distribute malicious software and the XZ library being implanted with a backdoor, have revealed the vulnerability of open source components and exposed the inadequacy of security measures, which has shaken public trust in open source components. To address these complex security challenges, supply chain security strategies must be adjusted and strengthened to ensure the stability and reliability of software development.
Keywords: supply chain attack; third-party open source components; Polyfill attack incident; XZ library poisoning; information and communications technology (ICT)