A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain

Lou Zehua; Liang Guan-Yu; Wu Yan-Jun; Wu Bin; Wu Songlin; Sun Qing; Wang Wei; Tian Chunqi

doi:10.1109/ICBDA57405.2023.10104906

A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain

Lou Zehua^*
, Liang Guan-Yu
, Wu Yan-Jun
, Wu Bin
, Wu Songlin
, Sun Qing
, Wang Wei
, Tian Chunqi

^*Corresponding author for this work

School of Data Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Filtering and identifying open source supply chain software are the front conditions for the security of the software supply chain, and it is a necessary means to help users and enterprises choose reliable softwares. At the same time, identifying the supply chain of the entire ecology is a vital way to explore the ecological characteristics and find hidden dangers. By tracing the development history of external dependencies in different programming language management, this article summarizes the four common external dependencies management methods today and proposes a universal open source software supply chain construction algorithm. Finally, the Linux distribution version is used as a case of large software systems, and its supply chain is analyzed.

Original language	English
Title of host publication	2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	205-214
Number of pages	10
ISBN (Electronic)	9798350310764
DOIs	https://doi.org/10.1109/ICBDA57405.2023.10104906
State	Published - 2023
Event	8th IEEE International Conference on Big Data Analytics, ICBDA 2023 - Virtual, Online, China Duration: 3 Mar 2023 → 5 Mar 2023

Publication series

Name	2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023

Conference

Conference	8th IEEE International Conference on Big Data Analytics, ICBDA 2023
Country/Territory	China
City	Virtual, Online
Period	3/03/23 → 5/03/23

Keywords

code dependency relationship
open source sofnvare supply chain
package manager

Access to Document

10.1109/ICBDA57405.2023.10104906

Cite this

Zehua, L., Guan-Yu, L., Yan-Jun, W., Bin, W., Songlin, W., Qing, S., Wei, W., & Chunqi, T. (2023). A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain. In 2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023 (pp. 205-214). (2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICBDA57405.2023.10104906

@inproceedings{f6f5e592c9ca4eacae6882e840ae9d79,

title = "A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain",

abstract = "Filtering and identifying open source supply chain software are the front conditions for the security of the software supply chain, and it is a necessary means to help users and enterprises choose reliable softwares. At the same time, identifying the supply chain of the entire ecology is a vital way to explore the ecological characteristics and find hidden dangers. By tracing the development history of external dependencies in different programming language management, this article summarizes the four common external dependencies management methods today and proposes a universal open source software supply chain construction algorithm. Finally, the Linux distribution version is used as a case of large software systems, and its supply chain is analyzed.",

keywords = "code dependency relationship, open source sofnvare supply chain, package manager",

author = "Lou Zehua and Liang Guan-Yu and Wu Yan-Jun and Wu Bin and Wu Songlin and Sun Qing and Wang Wei and Tian Chunqi",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 8th IEEE International Conference on Big Data Analytics, ICBDA 2023 ; Conference date: 03-03-2023 Through 05-03-2023",

year = "2023",

doi = "10.1109/ICBDA57405.2023.10104906",

language = "英语",

series = "2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "205--214",

booktitle = "2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023",

address = "美国",

}

Zehua, L, Guan-Yu, L, Yan-Jun, W, Bin, W, Songlin, W, Qing, S, Wei, W & Chunqi, T 2023, A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain. in 2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023. 2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023, Institute of Electrical and Electronics Engineers Inc., pp. 205-214, 8th IEEE International Conference on Big Data Analytics, ICBDA 2023, Virtual, Online, China, 3/03/23. https://doi.org/10.1109/ICBDA57405.2023.10104906

A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain. / Zehua, Lou; Guan-Yu, Liang; Yan-Jun, Wu et al.
2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023. Institute of Electrical and Electronics Engineers Inc., 2023. p. 205-214 (2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain

AU - Zehua, Lou

AU - Guan-Yu, Liang

AU - Yan-Jun, Wu

AU - Bin, Wu

AU - Songlin, Wu

AU - Qing, Sun

AU - Wei, Wang

AU - Chunqi, Tian

PY - 2023

Y1 - 2023

N2 - Filtering and identifying open source supply chain software are the front conditions for the security of the software supply chain, and it is a necessary means to help users and enterprises choose reliable softwares. At the same time, identifying the supply chain of the entire ecology is a vital way to explore the ecological characteristics and find hidden dangers. By tracing the development history of external dependencies in different programming language management, this article summarizes the four common external dependencies management methods today and proposes a universal open source software supply chain construction algorithm. Finally, the Linux distribution version is used as a case of large software systems, and its supply chain is analyzed.

AB - Filtering and identifying open source supply chain software are the front conditions for the security of the software supply chain, and it is a necessary means to help users and enterprises choose reliable softwares. At the same time, identifying the supply chain of the entire ecology is a vital way to explore the ecological characteristics and find hidden dangers. By tracing the development history of external dependencies in different programming language management, this article summarizes the four common external dependencies management methods today and proposes a universal open source software supply chain construction algorithm. Finally, the Linux distribution version is used as a case of large software systems, and its supply chain is analyzed.

KW - code dependency relationship

KW - open source sofnvare supply chain

KW - package manager

UR - https://www.scopus.com/pages/publications/85158853068

U2 - 10.1109/ICBDA57405.2023.10104906

DO - 10.1109/ICBDA57405.2023.10104906

M3 - 会议稿件

AN - SCOPUS:85158853068

T3 - 2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023

SP - 205

EP - 214

BT - 2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 8th IEEE International Conference on Big Data Analytics, ICBDA 2023

Y2 - 3 March 2023 through 5 March 2023

ER -

Zehua L, Guan-Yu L, Yan-Jun W, Bin W, Songlin W, Qing S et al. A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain. In 2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023. Institute of Electrical and Electronics Engineers Inc. 2023. p. 205-214. (2023 IEEE 8th International Conference on Big Data Analytics, ICBDA 2023). doi: 10.1109/ICBDA57405.2023.10104906

A Data Engineering Method for Filtering and Identifying Open Source Software Supply Chain

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this