2025-01-29 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)11/24 Report--
Thousands of people gathered at the National Convention Center to participate in the event.
DSS 2023
On August 10, the 2023 Digital Supply Chain Security Conference (DSS 2023) was held at the Beijing National Convention Center. The conference was organized by Hanging Mirror Security and co-sponsored by the ISC Internet Security Conference Organizing Committee, the China Software Evaluation Center (Center for Promotion of Software and Integrated Circuits of the Ministry of Industry and Information Technology), the Cloud Computing and Big Data Research Institute of the Chinese Academy of Information and Communications Research, the CCF Computer Security Professional Committee, the Beijing Information Technology Application and Innovation Working Committee of the Beijing Information Technology Association, OpenChain, the OpenSCA open source community and the XRASP code vaccine community.
At a historic moment of great changes not seen in a century, DSS 2023, with the theme of "the Power of Open Source", joined hands with many industry experts, senior research scholars, open source opinion leaders and leading industry users to draw up a new blueprint for the security and ecosystem development of the digital supply chain driven by open source.
According to the latest statistics from the organizing committee of the DSS conference, all 1108 seats were filled on the day of the conference; 56 media outlets in the network security industry reported simultaneously; 22 mainstream media outlets, such as China.com, China Economic Network, Internet Security and Information Magazine, and World wide Web, ran special reports; more than 100 science and technology, finance and economics, venture capital, general-interest and other media outlets reported jointly; and on the day of the conference the live broadcast matrix was watched online 66782 times, showing that security knows no boundaries.
At the DSS 2023 conference, Academician Ni Guangnan had an in-depth exchange with Zi Ya.
The following is an invitation from Zi Ya, Executive Chairman of the DSS Conference. More than 1200 industry guests gathered at the National Convention Center to take part in the event and discuss a new chapter in the security development of the digital economy.
Invitation letter from Zi Ya, Executive Chairman of the DSS Conference
A large-scale and far-reaching security event officially kicked off.
Joint release of China's first digital supply chain SBOM format
The industry's first focus and complete definition of the new connotation of "digital supply chain security"
China's first "Digital supply chain Security White Paper (2023)" officially released
The industry benchmarking deeply covers seven typical business application scenarios.
The host opened the scene.
Tan Xiaosheng, chairman of Beijing Cyber Yingjie Technology Co., Ltd., president of Zhengqi College, as the moderator of the conference, officially opened this industry conference with technology forum, industrial change and innovative development as the three core values.
President Tan pointed out that in the digital age, the development of digital applications is increasingly dependent on open source and third-party components, and the threat posed by the fragility of those components is becoming more and more serious. Digital supply chain security has become one of the hot topics of network security. Following the first Asia-Pacific DevSecOps Agile Security Conference with the theme of "Security starts from the supply chain" and the second Global DevSecOps Agile Security Conference with the theme of "Agile symbiotic Evolution", we ushered in the 2023 Digital Supply Chain Security Conference with the theme of "Open Source Power".
Tan Xiaosheng, Chairman of Beijing Cyber Yingjie Technology Co., Ltd., Dean of Zhengqi College (presiding over the work)
Guest speech
The success of OpenAI and its ChatGPT project once again proves the power of open source. Chen Zhong, director of the Network and Security Laboratory of the School of computer Science at Peking University, said in a speech that open source will lead the future development of the digital economy, including artificial intelligence innovation. In China, especially in the field of innovation, the vast majority of software and hardware rely on the power of open source to build the cornerstone of future development. The breakthroughs in security technologies, tools and methods of digital supply chain can ensure the safety and reliability of information technology application and innovation industry, and then serve the development of economy and society.
Chen Zhong, Director of the Network and Security Laboratory, School of computer Science, Peking University
The development of the information innovation industry has become an important part of the national network security strategy. Mao Xinran, secretary-general of the Information Technology Application and Innovation Working Committee of Beijing Information Association, pointed out in his speech that in order to promote the development of the information technology application and innovation industry, it is necessary to coordinate government, industry, research and application, gather the forces of the upstream and downstream of the digital supply chain ecosystem, and jointly build a secure and reliable digital supply chain security system to deal with the growing security threats to the digital supply chain.
Mao Xinran, Secretary-General of the Information Technology Application and Innovation Working Committee, Beijing Informatization Association
Open source security is continuous work that requires widespread attention from all walks of life. Xin Xiaohua, deputy secretary-general of the Open Atomic Open Source Foundation, said in his speech that open source faces security problems in the process of development. To protect the sustainable development of the open source ecosystem, all relevant units should work together to provide due support for open source projects, build mechanisms, establish standards, strengthen capabilities, expand cooperation and set a bottom line, jointly building a nationally secure open source ecosystem.
Xin Xiaohua, Deputy Secretary-General of the Open Atomic Open Source Foundation
Academician's speech
The open source supply chain is an extremely important part of the digital supply chain. Ni Guangnan, academician of the Chinese Academy of Engineering, gave a speech on the topic of "Consolidating the open source software supply chain security infrastructure". He made clear that the development of open source is an important way for China to integrate into the world scientific and technological innovation network, but the current international situation is turbulent, and most mainstream open source foundations and open source projects are dominated by foreign countries. As a result, outages, supply cuts, decoupling and other security problems occur from time to time, and the open source supply chain has also been affected to varying degrees. The security of the open source supply chain is the key to the current development of open source. It should be given great attention and implemented gradually, including the analysis of open source provenance and compliance, the management and control of vulnerability risks, and early warning of outage and discontinuation risks.
Ni Guangnan, Academician of Chinese Academy of Engineering
The producer's insight
How should digital supply chain security be defined? Zi Ya, founder and CEO of Hanging Mirror Security and executive chairman of DSS, delivered a keynote speech on "the Power of Open Source". He pointed out that in the digital era, the development of information technology, including changes in new technologies (digital technology), new releases (development methods), new architecture (application framework) and new environment (infrastructure), has driven a leap in how supply chains work. The connotation of the traditional software supply chain needs to be expanded to the digital supply chain. Digital applications, infrastructure services and supply chain data need to be uniformly planned into the supply chain, which is the first time the industry has defined the composition of the digital supply chain. Based on this, digital application security, infrastructure service security and supply chain data security have become the key contents of digital supply chain security.
Zi Ya, founder and CEO of Hanging Mirror Security and Executive Chairman of the DSS Conference
The essence of open source is group intelligence innovation and symbiotic evolution. In his speech, Zi Ya once again stressed the importance of open source: in the face of an uncertain future, open source will be the source of strength for the development of the digital supply chain, and its security needs to be guaranteed. Hanging Mirror Security put forward the revolutionary concept of "using open source to do open source risk governance", opening up its own three key SCA technologies (SCA, binary SCA, and runtime SCA) to create the OpenSCA open source community. On this basis, working in the four directions of code vaccine patch defense, open source threat intelligence, full-link SBOM tracking and community ecosystem co-construction, it empowers enterprise users to ensure the security of the open source digital supply chain from the source.
Blockbuster release
At the launching ceremony of the conference, Hanging Mirror Security officially announced China's first digital supply chain SBOM format, DSDX (Digital Supply-chain Data Exchange). Initiated by the OpenSCA community, DSDX brings together the practical SBOM adoption experience of Party A users such as Open Source China, Telecom Research Institute and ZTE with the technology application perspective of security vendors, and is adapted to the real-world application scenarios of Chinese enterprises. Its goal is to become the core technology of digital supply chain security governance and operation, in order to help the industry upgrade from software supply chain security to digital supply chain security.
The guests for the joint launch are:
Ni Guangnan, Academician of Chinese Academy of Engineering (4th from left)
Chen Zhong, Director of Network and Security Laboratory, School of Computer Science, Peking University (2nd from left)
Zi Ya, founder and CEO of Hanging Mirror Security and executive chairman of DSS (3rd from left)
He Guofeng, Director, Institute of Security Technology, China Telecom Research Institute (6th from left)
Sweet Potato, CTO of Open Source China (5th from left)
Xiang Shuming, Director of Open Source Compliance & Security Governance, ZTE Corporation (1st from left)
In addition, Hanging Mirror Security, together with China Telecom Research Institute and ISC Internet Security Conference, issued the "Digital supply chain Security White Paper (2023)". This white paper is the first report on digital supply chain security in China, following the White Paper on Software supply chain Security (2021) and the White Paper on Security Governance and Operation of Software supply chain (2022).
The guests for the joint launch are:
Ni Guangnan, Academician of Chinese Academy of Engineering (4th from left)
Chen Zhong, Director of Network and Security Laboratory, School of Computer Science, Peking University (2nd from left)
Zi Ya, founder and CEO of Hanging Mirror Security and executive chairman of DSS (3rd from left)
Mao Xinran, Secretary-General of the Information Technology Application and Innovation Working Committee, Beijing Informatization Association (1st from left)
He Guofeng, Director, Institute of Security Technology, China Telecom Research Institute (5th from left)
Bu Sinan, Vice President of 360 Digital Security Group (6th from left)
Keynote speech
Standing at the historical juncture of great changes not seen in a century, the DSS Conference focuses on the world development situation and is grounded in national strategic needs. It aims to help build a digital supply chain security ecosystem that unites the combined forces of "country, industry, institution, enterprise", so as to build a solid security barrier for the construction of digital China.
At DSS 2023, experts, researchers and industry leaders from all walks of life gathered to give keynote speeches on digital supply chain risk challenges, technological innovation, security practice, ecosystem construction and other dimensions.
Cheng Yan, deputy general manager of Ant Group Network Security, focused on software supply chain security. She analyzed the current state of software supply chain security risks and shared the three key stages of Ant Group's work on building a software supply chain security ecosystem, as well as its ideas and specific practices for software supply chain risk management.
Cheng Yan, Deputy General Manager of Network Security, Ant Group
Zhang Jianjun, Technical Director of CITIC Construction Investment Securities Technology Department, speaking from the perspective of the securities industry, described the characteristics of the industry and the digital supply chain security problems it faces. He shared the corresponding security work and technical measures of CITIC Construction Investment Securities in development, testing, and operation and maintenance, as well as its whole supply chain security management system.
Zhang Jianjun, Technical Director of CITIC Construction Investment Securities Technology Department
He Guofeng, director of the Institute of Security Technology of China Telecom Research Institute, focused on using a highly trusted security architecture to solve security problems in the digital age. He emphasized the importance of the Software Security Center, as an important part of the highly trusted security system, for digital supply chain security, and shared the relevant practice of China Telecom.
He Guofeng, Director, Institute of Security Technology, China Telecom Research Institute
He Baohong, director of Cloud Computing and Big Data Research Institute of China Academy of Information and Communications, pointed out that the construction of a software supply chain security system in the digital economy era should be based on "three major links and five modules". He called on upstream and downstream institutions and enterprises to take technological breakthroughs as the core in creating a credible and secure supply chain ecosystem.
He Baohong, Director of Cloud Computing and big data Research Institute, China Institute of Information and Communications
Zhai Yanfen, director of Xinfa Division of China Software Evaluation Center, focused on sharing the software supply chain security capability maturity assessment model, and on how the demand side, supply side and third-party organizations in the supply chain can use the evaluation model to analyze the target's software supply chain security status and improve its software supply chain security capability.
Zhai Yanfen, Director of Xinfa Division of China Software Evaluation Center
Wang Yonghui, head of Ping an Yi Wallet's information security operations, drawing on years of security work experience and starting from the security pain points of open source components, proposed establishing a management system covering the stages before, during and after the event, and strengthening the management and interception of open source introduced from outside. He also shared how to promote the smooth adoption of security work within the enterprise.
Wang Yonghui, head of Information Security Operation of Ping an Yi Wallet
Yang Liyun, director of the Cloud Computing Research Office of China Institute of Electronic Technology Standardization, focused on the security standardization of the digital supply chain. By analyzing and comparing the mature experience of foreign countries, he pointed out the importance of developing a software bill of materials data format standard suitable for China based on SBOM.
Yang Liyun, Director of Cloud Computing Research Office, China Institute of Electronic Technology Standardization
Zhang Ruigang, strategic officer of Huawei cloud industry and head of Huawei trusted supply chain, introduced the industrial challenges faced by open source governance and shared how the Huawei cloud software engineering trusted system is put into practice in open source governance, helping to manage open source software assets effectively and continuously enhance open source contributions to the industrial community.
Zhang Ruigang, cloud industry strategist and head of trusted supply chain of Huawei
Qin Xiaolei, deputy general manager of the Security Division of China Software Evaluation Center, started from examples of open source software vulnerabilities, emphasizing that identifying and repairing open source software vulnerabilities can effectively reduce the open source security risk of mobile Apps, and introduced in detail how to identify open source software in mobile Apps and adopt effective risk management strategies.
Qin Xiaolei, Deputy General Manager of Security Division of China Software Evaluation Center
Sun Quan, head of information security for a car-connected cloud service provider, pointed out that in the car-connected supply chain security system, data security is often ignored. It needs to be considered comprehensively from the perspective of vehicle structure, national laws and regulations, and human factors, in order to enhance the industry's data security awareness.
Sun Quan, head of information security for a car Internet cloud service provider.
Xiang Shuming, director of open source compliance and security governance at ZTE Corporation, believes that the introduction of open source has an impact on the digital supply chain. To this end, he shared a series of strategies and tactics for open source governance of the digital supply chain and the establishment of open source software digital supply chain security mechanism from the "three lines".
Xiang Shuming, Director of Open Source Compliance & Security Governance, ZTE Corporation
Interpretation of White Paper
Hanging Mirror Security COO Dong Yi pointed out in the interpretation of "Digital supply chain Security White Paper (2023)" that the white paper defines the new concept of digital supply chain security in detail, analyzes the current situation of digital supply chain security risks, and shares new ideas and schemes for digital supply chain security system construction and practice, which is a guide for enterprise organizations to carry out digital supply chain security work.
Dong Yi, COO of Hanging Mirror Security
Round table forum
Then, the "High-end Round Table Forum" chaired by Tan Xiaosheng revolved around the theme of "Building a new ecology for innovation and development of digital supply chain security industry". Views were shared by Yan Ming, Honorary Director of the Computer Security Committee of the Chinese Computer Society and former Director of the First and Third Institutes of Public Security; Chen Zhong, Director of the Network and Information Security Lab, School of Computer Science, Peking University; Sweet Potato, CTO of Open Source China; Gao Dan, Business General Manager of Sadie Sadie Consulting Co., Ltd.; Xie Yun, chief scientist of Dongfang Tong; and Ning Ge, CTO of Hanging Mirror Security.
The one-day 2023 Digital Supply Chain Security Conference was successfully held, but this does not mean an end: technical innovation, product application, solution delivery and ecosystem construction in the field of digital supply chain security will continue on the basis of the platform built by the DSS conference, promoting the evolution of software supply chain security to digital supply chain security. The DSS Conference will continue to work with organizations and enterprises in the upstream and downstream of the digital supply chain ecosystem to continuously protect the security of China's digital supply chain.