A listed software company: Source code review ensures digital security and promotes high-quality development of the software industry

The software company is a large-scale, high-tech listed enterprise and one of the top 100 national software companies. It has undertaken a large number of national key projects and has a customer base in various fields. It focuses on digitalization to promote efficient, convenient and precise business development for governments and enterprises.

Source code review addresses security risks and helps deliver safe and reliable products

The "certain platform" software system developed by this software company is software customized and developed for a certain system. According to relevant national requirements, it needs to undergo a Level 3 assessment for classification protection. To ensure the fairness, independence and objectivity of the evaluation, the software company entrusted Open Source Network Security, which has excellent capabilities in security services, as a third-party organization to conduct source code security audits of the systems it developed and to issue the source code security audit reports required for the Level 3 protection evaluation report.

Open Source Network Security conducted a source code security audit on the software system. After the first round of testing, security engineers made suggestions for repairs. Regression testing then showed that the security of the software system had greatly improved, which helped the product pass the Level 3 assessment of the Class A Classification Protection System. Security risks were avoided and resolved before the software system went online, and a safe and reliable software product was delivered.

Open Source Network Security conducted a source code security audit on four projects involved in the platform (a total of 1.6 million+ lines of code). The audit covered source code security vulnerabilities, open source component security vulnerabilities, and malicious code information. Our security engineers provided corresponding repair suggestions after the initial test. After the developers made the repairs, the regression test showed that the vulnerability repair rate reached 92.8%, which greatly reduced the software security risk.

Meet policy review needs and achieve win-win outcomes for all parties
  1. This project is typical of national-policy-driven work. In line with national policy requirements, and in order to promote shifting security left and build up domestic software barriers, the promulgation of mandatory regulations pushes software development vendors to face up to development security issues and to effectively prevent and deal with potential security risks.
  2. Software development companies cannot evaluate the software products they develop from a fair and objective perspective. Therefore, as a leader in the third-party software security industry, Open Source Network Security has the ability to provide complete software security products and services to software development customers. It can help them find problems before the software goes online, fix vulnerabilities, and avoid potential security risks.
  3. This project embodies a virtuous cycle between users, suppliers, and third-party organizations. Pre-launch testing discovers and resolves the security risks in the source code and open source components, and gives suppliers the report basis for passing the Level 3 classification protection assessment. It also enables actual users to obtain truly safe and reliable software products, achieving a win-win situation for all parties.

In the future, the software company will firmly promote the development of basic software, create a strong application ecosystem, and achieve high-quality development of the software industry. Open Source Network Security will also continue to provide security empowerment for various industries, helping enterprises operate safely and focus on business growth.


Origin blog.csdn.net/weixin_55163056/article/details/133133841