Building information systems based on open source software has become a mainstream trend . The rapid iteration of open source software , lack of security development mechanisms , and insufficient maintenance personnel have led to Global open source security incidents occur frequently ,It threatens the security of user information and also brings the risk of privacy information leakage . Therefore , open source security risks have become a global challenge and the primary concern of open source projects .In order to reduce the risk of open source and ensure the security of open source , it is required that the open source community must implement an open source security mechanism . To this end , the open Kylin community has launched a " controllable open source " system , _ _Escort for open source security .

What is " Controlled Open Source " ?

" Controllable open source " refers to enabling users and developers to use open source community software and development in a safe , continuous and stable manner on the basis of ensuring the security of open source code . Supporting services involved in the source software.

Features of " Controlled Open Source "

The " controllable open source " system conducts security management around the entire link of code circulation from the five important links of code source , design , use , innovation and development .

1. The source is controllable

For the imported open source components , through compliance checks , security vulnerability scanning , static code analysis , dynamic code analysis and other technical means to ensure the introduction of open n K y l i n community 's open sourceThe source of component code is clear , transparent and safe .

2. Controllable design

Establish a security committee to ensure that the openKylin community open source software is trusted, protected, secure and isolated by establishing a security baseline, standardizing the selection of open source components, modeling and analyzing trusted threats to the system architecture, and other technical means.

3. Use controllable

Provide mechanisms such as protocol consistency check tools , vulnerability detection and repair , and software updates to avoid legal issues during the use of open Kylin open source software . _ Legal and intellectual property risks , protectionOpen source software operating environment , security of upgrade and maintenance .

4. Innovation is controllable

Provide measures to lower the threshold for contributors, attract contributors to participate, and continuously optimize contributor participation mechanisms and incentives. It has incubated star SIG groups such as UKUI, RISC-V, and Virtualization, and has the ability to independently develop software core modules, replace core modules, customize optimization, and continue to contribute to the code maintenance of the upstream community. The innovation capability of the openKylin open source community has reached controllable requirements.

5. Development is controllable

Provide the self-developed infrastructure platform and the mechanism of the technology committee + SIG group leading the version and key technical route, effectively guaranteeing the security of the development and evolution of openKylin open source software.

Current progress of " controllable open source "

At present, openKylin's "controllable open source" security system is actively promoting the construction of open source compliance, vulnerability emergency response, and vulnerability management platforms. It is oriented to multiple scenarios to protect the security of the community and avoid possible security risks in a timely manner. The details are as follows:

Open Kylin Access Control System: It is an open source compliance detection platform built by the Infrastructure SIG group. The platform covers the reliability, stability, security and open source protocol risk detection of open source selection, and is committed to ensuring that the source of the imported open source components is clear, safe and transparent.

Open Kylin Security Emergency Response Center: An open source operating system security vulnerability release, response, processing, and release platform built by the SecurityCommittee SIG group and contributed by community members. The platform covers the full lifecycle management of reported vulnerabilities, and is committed to broadening the channels for vulnerability discovery and enhancing the ability to face unknown information security risks.

Open Kylin Vulnerability Management Platform: It is a service-oriented platform independently developed by the SecurityCommittee SIG group to effectively perform its own functions and improve vulnerability monitoring and response repair capabilities.

In the face of increasingly severe open source security challenges, openKylin, as the first desktop operating system root community in China, actively builds an open source security mechanism and platform, allowing developers to safely and efficiently carry out research and development work on the openKylin community platform. Next, openKylin will continue to focus on the construction of the "controllable open source" system, and promote the domestic open source field to a new stage of security innovation.

The openKylin community aims to take "co-creation" as the core, and on the basis of open source, voluntariness, equality, and collaboration, to build a partner ecosystem with enterprises in an open source and open way, and to jointly create a top-level desktop operating system community. Promote the prosperity and development of Linux open source technology and its software and hardware ecology.

The first batch of council member units in the community include Kylin Software, Puhua Basic Software, Zhongke Fangde, Kylin Principal, Meditation Software, Yiming Software, ZTE New Fulcrum, Yuanxin Technology, China Electronics 32, Jide System, Beijing Lin Zhuo, Advanced Operating System Innovation Center and other 13 industry colleagues and industry organizations.

welecom!