SESSION

Open Source Software has become the mainstream trend in information and communication in recent years, from 5G (ORAN), blockchain, AI, and Cloud, to embedded devices, etc., from the application layer to the driver layer. From consumer to industrial applications, the industry has frequently used open source software as components for integration or secondary development. However, managing open source software security vulnerabilities after product development is over can be costly. In this sharing, SZ will analyze the status and trend of Common Vulnerabilities and Exposures (CVE) of open source software in recent years and describe how to integrate into software through requirements analysis, SBOM usage, analysis of open source software components, etc. Development lifecycle to manage open source software security vulnerabilities, thereby reducing overall software development/maintenance costs. In addition, from the perspective of open source software developers for many years, SZ will share how to track and deal with open source software security vulnerabilities through systematic tools, SBOM open source tools, etc. In addition to known vulnerabilities, SZ will share how to uncover unknown vulnerabilities through testing.

Open source is managed through open source, and open source software is used to create security products with reasonable R&D costs and acceptable information security risks so that R&D personnel can spend their energy on core technology research and development.