中圖分類號： TP311.52
文獻標識碼： A
DOI： 10.19358/j.issn.2097-1788.2023.01.009
引用格式： 余建利，姜榮霞，盧蓉. 電信運營商開源軟件供應鏈安全治理探討[J].網絡安全與數據治理，2023，42(1)：67-71，85.

Discussion on security governance of open source software supply chain of telecommunication operators

Abstract： As open source software is widely used in various production systems, domestic telecom operators who are responsible for ensuring people′s communication needs are facing more and more security risks. This paper analyzes the various risks caused by the security problems of open source software supply chain to telecom operators, and discusses the security governance methods of open source software supply chain of telecom operators. Through top-level design, open source software detection, security warehouse construction and DevSecOps practice, the security risks of telecom operators can be effectively reduced.

Key words : open source software；software supply chain；security vulnerabilities；security governance