Open source and safe "song of ice and fire"

author | He Miao         Coordinating editor | Zhang Hongyue

Produce | CSDN（ID：CSDNnews）

2022 Open a year log4j Cause the global information security earthquake , Governments around the world 、 Non profit foundations 、 Think tanks are paying high attention to the field of open source security ：

The China Academy of communications and communications was established “ Open source and security ” department ;

OpenSSF GM Brian Behlendorf Make a statement in the United States Congress ;

Google And other giants invested heavily in safety related , Including bug fixes ;

Open source occupies more of the software supply chain , Enterprises begin to pay attention to SBOM、 Compliance testing, etc .

Such a cutting-edge and important topic , More people should know and pay attention to . therefore , from CSDN The host , Yunda Institute of China Academy of information and communication 、 Kaiyuan society 、 Tengyuan Association jointly supports 《 Open source Roundtable 》 In the eleventh issue, we invited technical experts from Huawei open source management center , The open atom Foundation TOC Member Xu Liang , Guoxue, deputy director of open source and software security department of Yunda Institute of Chinese Academy of communications  , Polar fox (GitLab) DevOps Technical preacher 、OpenSSF Ma Jinghe, deputy head of the China working group, jointly discussed open source security issues .

This topic

• “ Open source security ” What does it mean in a general sense ？

• Why does a small open source vulnerability lead to a very serious open source security problem ？

• Open source usually means open , And a high degree of openness will also bring higher risks , How to balance the natural contradiction between open source and security ？

• How should enterprises establish their own open source security strategy ？

Share time and address

Time ：7 month 5 Japan 19:00-20:30

Broadcast address ：https://live.csdn.net/room/csdnnews/fXXyTo5y

platform ：CSDN Website 、CSDN Wechat video Number

Sharing guests

Xu Liang Huawei open source management center , The open atom Foundation TOC member

As a member of the open source community, it is close 10 year , Experienced in the open source community “90 after ”, Xu Liang has been involved in the open source community since high school ,2011 It has become Debian Developers of , And repeatedly undertake GSoC Project mentors . Now he is a technical expert of Huawei open source capability center 、 Open atom open source foundation TOC member .

Xue Guo Deputy director of the open source and software security department of the Yunda Institute of the Chinese Academy of the communications

Xue Guo , Deputy director of the open source and software security department of the Yunda Institute of the Chinese Academy of the communications . Mainly engaged in open source 、 Safety related work , At present, he is the director of China Communications Standardization Association TC608 Open source governance 、 Insurance cloud 、 Cloud security 、 Team leader of risk management and other working groups . Lead the preparation ITU standard 《 Cloud computing risk management framework 》, Establish a trusted open source standard system , Lead the preparation 《 Open source ecological white paper 》 And more than ten white papers on open source and security .

Ma Jinghe Polar fox (GitLab) DevOps Technical preacher ,OpenSSF Deputy head of China Working Group

Engaged in research and development （ZTE）, Have practiced DevSecOps（IBM）, Currently in Jihu (GitLab) do DevOps/DevSecOps Technical sermons . Participate in open source related activities in your spare time , yes LFAPAC Open source preacher ,CDF ambassador,OpenSSF Deputy head of China Working Group .

Tang Xiaoyin （ host ）CSDN《 New programmers 》 Managing editor

Tang Xiaoyin ,CSDN《 New programmers 》 Managing editor , Plan as a whole 《 Annual survey report of Chinese developers 》, Editor in chief 《 China AI Application developer Report 》、《 China open source application developer report 》 Series report , primary 《 The programmer 》 Magazine editor , Previous appointment MDCC、CCAI、 Editor in chief of developer conferences such as the open source heroes Association .

Scan QR code to make an appointment for live broadcast

Participate in interaction and win gifts