Shulou(Shulou.com)11/24 Report--

CTOnews.com, July 27 (Xinhua) according to CAICT official account of the China Academy of Information and Communications, the 2023 China Internet Conference Open Source supply chain Forum, jointly organized by the China Institute of Information and Communications and the China Communications Standardization Association, was successfully held in Beijing a few days ago.

At the meeting, the China Institute of Information and Communication released the third batch of pilot verification results of the national standard "Open Source Code Security Evaluation methods for Information Security Technology Software products".

▲ CAICT official account of China Institute of Information and Communication under the guidance of TC260, China Academy of Information and Communications took the lead in establishing the national standard "Information Security Technology Software products Open Source Code Security Evaluation method" and continued to promote the preparation of the standard.

After inquiry, CTOnews.com learned that the national standard evaluates the security of software products from four aspects: "open source source", "open source code security quality", "open source intellectual property" and "open source code management". It can provide reference for each unit to self-evaluate the open source code security of their own software products. At the same time, it can not only provide a basis for third-party organizations to review and evaluate the open source code security capabilities of software products, but also provide a reference for regulatory authorities. At the same time, it aims to contribute to the strengthening of network security and information construction, and to create a cyberspace for open source code security.

▲ Picture Source China Institute of Information and Communication CAICT official account

In order to improve the implementation of the standard and continuously improve the content of the standard, ▲ Picture Source CAICT official account of China ICT Academy organized the national standard pilot verification of "Open Source Code Security Evaluation method for Information Security Technology Software products" in batches. After many stages, such as verification preparation and registration, technical test, material review, test report generation, expert review and so on, the results show A total of 5 products / capabilities of 5 enterprises have completed the pilot verification of the national standard, and the CTOnews.com arrangement is as follows:

National Energy Information Technology Co., Ltd. Group network resource management platform Ucenter2.0

Guoneng Dadu River big data Service Co., Ltd. Data Mall V1.0

Intelligent legal examination system V1.0 of Ningbo Bank Co., Ltd.

Polar Krypton Intelligent Technology (Hangzhou) Co., Ltd. Fanxing V5.11

Fangde Desktop operating system v5.0 of Zhongke Fangde Software Co., Ltd.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.