Honored! "Du Xiaoman Internet Finance Open Source Software Governance Solution" won an authoritative award

Recently, the "2023 Network Security Outstanding Innovation Achievement Competition and Sichuan Province 'Panda Cup' Network Security Excellent Works Competition", organized by Space Safety Association and other units, was successfully held. The "Du Xiaoman Internet Finance Open Source Software Governance Solution" jointly created by Kaiyuan Wangan and Du Xiaoman won the winning prize of this competition.

Du Xiaoman Internet Finance Open Source Software Governance Solution

The "Du Xiaoman Internet Finance Open Source Software Governance Solution" jointly created by Kaiyuan Wangan and Du Xiaoman uses industry-leading software composition analysis (SCA) technology to build an open source software governance analysis platform. For financial customers including Du Xiaoman, it establishes a complete open source software security knowledge base system, comprising a vulnerability database, a third-party open source component library, a version library, a repair solution library, a license library, and the association relationships among them.

This solution addresses a series of security risk problems that Du Xiaoman Technology encountered in its use of open source software, covering the following actual needs:

❖ Regularly scan the in-house code repository platform to build enterprise project-level ledger information.

❖ Realize risk warning and traceability impact analysis of open source software vulnerabilities.

❖ Identify open source software vulnerabilities and risks, and conduct strict management.

❖ Detect and analyze licenses in open source software, and provide security measures for high-risk software.

❖ Assist in assessing the security risks of new open source software to be launched.

Solution effects

1. Build an integrated component asset ledger

The open source software governance platform automatically organizes open source assets within the enterprise, establishes automated management processes among security, R&D, and configuration departments, and reduces labor costs for operation and maintenance.

2. Reduce open source risks introduced by third-party/open source components

Help customers reduce the risk of open source components, establish a trusted open source library, identify self-developed and open source components, strengthen usage specifications and actual application effects, and improve the security and compliance of open source components.

3. Help project management and risk control

Software composition analysis helps the project management team better understand software composition and intellectual property information, and enhances project controllability. At the same time, vulnerabilities and security issues in external components can be identified in a timely manner, and risk avoidance measures can be taken in advance.

4. Improve the efficiency of the security department

By building an online vulnerability update capability with the open source software governance analysis platform, the security department can track risk intelligence on open source components in real time, understand the risk impact on the enterprise in a timely manner, and improve the efficiency of emergency response to risks in the industry.

This solution helps customers obtain security guarantees in the application of open source technology, quickly improves the efficiency of business research and development, improves the management and control capabilities of open source technology and the construction of an open source ecosystem, and realizes the upgrade from "open source available" to "open source controllable", driving a great improvement in the security governance level of open source software in the financial industry.

This award fully proves the professional strength of Open Source Network Security in the direction of open source software governance and open source software supply chain security. In the future, Open Source Network Security will continue to explore open source software security issues, promote open source technology to adapt to the development of the industry, and empower the industry to carry out digital innovation more safely.

Origin blog.csdn.net/weixin_55163056/article/details/132595867