A Method to Filter and Identify the Supply Chain Software
DOI: 10.12677/CSA.2022.1212300
Authors: Sun Qing, Tian Chunqi: Department of Computer Science and Technology, Tongji University, Shanghai; Wang Wei: School of Data Science and Engineering, East China Normal University, Shanghai
Keywords: Open Source Software Supply Chain, Package Manager, Code Dependency Relationship
Abstract: Filtering and identifying open source supply chain software is a precondition for software supply chain security, and a necessary means of helping users and enterprises select reliable software. Identifying the supply chain of an entire ecosystem is likewise an important way to study the ecosystem's characteristics and to locate hidden risks within it. By tracing the history of how different programming languages have managed external dependencies, this paper summarizes the four external dependency management approaches common today and proposes a general algorithm for constructing an open source software supply chain. Experiments demonstrate the effectiveness of the method.
Cite as: Sun Qing, Tian Chunqi, Wang Wei. A Method to Filter and Identify the Supply Chain Software [J]. Computer Science and Application, 2022, 12(12): 2958-2970. https://doi.org/10.12677/CSA.2022.1212300