讲座名称：Open Source Security: Challenges, Solutions, and Opportunities

讲座人：刘杨 教授

讲座时间：11月28日14:30

讲座地点：腾讯会议直播（ID:187 575 403）

讲座人介绍：

新加坡南洋理工大学（NTU）计算机集团教授，NTU网络安全实验室主任、HP-NTU公司实验室项目主任以及新加坡国家卓越卫星中心副主任，并于2019年荣获大学领袖论坛讲席教授。刘杨博士专攻软件验证，软件安全和软件工程，其研究填补了形式化方法和程序分析中理论和实际应用之间的空白，评估了软件的设计与实现以确保高安全性。到目前为止，他已经在顶级会议和顶级期刊上发表了超过400篇文章。他还获得多项著名奖项，包括MSRA fellowship，TRF Fellowship, 南洋助理教授，Tan Chin Tuan Fellowship，Nanyang Research Award 2019，NRF Investigatorship 2020，并且在ASE、FSE、ICSE等顶级软件工程会议上获得20项最佳论文奖以及最具影响力软件奖。

讲座内容：

Open-source software (OSS) has become increasingly popular in software development to simplify and shorten the developing cycle. Unfortunately, the reuse of OSS also brings security risks that OSS vulnerabilities could be excessively amplified. Recently, the frequent outbreaks of OSS vulnerabilities, e.g., Log4Shell and Spring4Shell vulnerabilities, and supply chain attacks, have also proved the urgency of securing OSS or the bigger scope of the OSS supply chain. Therefore, identifying, managing, remediating, and governing the potential risks throughout the OSS supply chain is promptly required to be further investigated.

In this talk, we will discuss the rigorous situation of the vulnerable software supply chain, as well as the challenges we are facing to secure the OSS environment. We will also show our recent efforts and solutions in securing the OSS supply chain, including our techniques on software component analysis (SCA), OSS supply chain analysis, license-related risk management, artificial intelligence-based security vulnerability analysis, and our larger scope of governing OSS with health profiles for both open-source software, as well as corresponding development teams. We also highlight the potential opportunities of OSS security and call for research in this direction.

主办单位：网络与信息安全集团