Shulou(Shulou.com)11/24 Report--

CTOnews.com February 7 news, recently, China Information and Communication Institute announced the first batch of "information security technology software products open source code security evaluation methods" national standard pilot verification results, the first batch of 8 pilot verification products.

According to the China Academy of Information and Communication, in recent years, while software has become a basic operating component of society, open source code security incidents occur frequently, posing a major threat to the stable operation of software products, user data protection and even national security. Open source code security in software products is highly valued by the industry. Open source code security is directly related to software product security. At present, the security management mechanism of open source code in enterprises is not perfect, and they are faced with risks such as unclear software composition, unstable supply, unavailability of products and so on. It is imperative to establish an open source code security standard system to help software products reduce the open source code security risk.

Under the guidance of tc260, the Chinese Academy of Information and Communications took the lead in establishing the national standard "Open Source Code Security Evaluation method for Information Security Technology Software products" and continued to promote the preparation of the draft. This standard evaluates the security of open source code in software products from four aspects: source of open source code, quality of open source code, intellectual property of open source code and maturity of open source code management, so as to provide reference for each unit to self-evaluate the security of open source code of their own software products. it provides a basis for third-party organizations to review and evaluate the open source code security capability of software products, and can also provide a reference for the competent regulatory authorities. At the same time, it aims to contribute to the strengthening of network security and information construction, and to create a cyberspace for open source code security.

▲ software product open source code security evaluation method system framework diagram in order to improve the implementation of the standard and continuously improve the standard content, China Institute of Information and Communication Institute led the organization of the first batch of "Information Security Technology Software products Open Source Code Security Evaluation method" national standard pilot verification work, after verification preparation and registration, technical testing, material review, test report generation, expert review and many other stages. A total of 8 products / capabilities of 8 enterprises have completed the pilot verification of the national standard.

CTOnews.com summarizes the pilot verification list of open source code security for the first batch of software products:

Industrial Bank Co., Ltd.: security R & D service platform V0.1

Tianyi Cloud Technology Co., Ltd.: Tianyi Cloud SCDN Edge access V1.1.7

BYD Automotive Industry Co., Ltd.: payment Center system V1.0.0

Yijiatong (Hubei) Technology Co., Ltd.: GKUI Project Warehouse V1.0

Shanxi Guienbo Information Technology Co., Ltd.: order Management Center platform V1.0

Agricultural Bank of China Co., Ltd.: branch financial services cloud platform management V1.0.0

Citic Bank Co., Ltd.: mobile banking channel integration front V1.0

Kirin Software Co., Ltd.: Galaxy Kirin desktop operating system V10 (SP1) 2203

China Institute of Information and Communication said that in the future, it will continue to carry out pilot verification of open source code security for software products for relevant units, and those interested in participating are welcome to sign up.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.