"Song of ice and fire" in the eleventh issue of "open source Roundtable" -- how to balance the natural contradiction between open source and security?

2022 Open a year log4j Cause the global information security earthquake , Governments around the world 、 Non profit foundations 、 Think tanks are paying high attention to the field of open source security ：

• The China Academy of communications and communications was established “ Open source and security ” department

• OpenSSF GM Brian Behlendorf Make a statement in the United States Congress

• Google And other giants invested heavily in safety related , Including bug fixes

• Open source occupies more of the software supply chain , Enterprises begin to pay attention to SBOM、 Compliance testing, etc

Such a cutting-edge and important topic , We believe that more people should know and pay attention to it . from CSDN The host , Yunda Institute of China Academy of information and communication 、 Kaiyuan society 、 Tengyuan Association jointly supports 《 Open source Roundtable 》 Issue 11 , We invite technical experts from Huawei open source management center , The open atom Foundation TOC Xu Liang , Guoxue, deputy director of open source and software security department of Yunda Institute of Chinese Academy of communications  , Polar fox (GitLab) DevOps Technical preacher 、OpenSSF Ma Jinghe, deputy head of the China working group, jointly discussed open source security issues . 

• “ Open source security ” What does it mean in a general sense ？

  
  

• Why does a small open source vulnerability lead to a very serious open source security problem ？

  
  

• Open source usually means open , And a high degree of openness will also bring higher risks , How to balance the natural contradiction between open source and security ？

  
  

• How should enterprises establish their own open source security strategy ？

7 month 5 Japan 19:00-20:30

Kaiyuan society was founded in 2014 year , It's made up of individual members who volunteer to contribute to the cause of open source , In accordance with the “ contribution 、 Consensus 、 Co governance ” Composed of principles , Always maintain vendor neutrality 、 public welfare 、 The characteristics of non-profit , It was the first to “ Open source governance 、 International connection 、 Community development 、 Open source project ” Open source community Consortium for mission . Open source community actively supports open source community 、 Enterprises and relevant government units work closely together , With “ Based on China 、 Contribute to the world ” For the vision , It aims to create a healthy and sustainable open source ecosystem , Promote China's open source community to become an active participant and contributor to the global open source system .

2017 year , The open source society has transformed into a completely composed of individual members , reference ASF And other international top open source foundations . In the last eight years , It links tens of thousands of open source people , Gathered thousands of community members and volunteers 、 Hundreds of lecturers at home and abroad , It has cooperated with nearly 100 sponsors 、 The media 、 Community partners .