Chinasoft International Ltd (CFTLF)

[StockpickerCAPC]

A new starting point and a new journey Chinasoft International was selected as the first member of the "Software Supply Chain Security Laboratory" of the China Academy of Information and Communications Technology!

Source
https://www.chinasofti.com/news/2394.htm

June 29, 2022

Recently, the 2022 first 3SCON “Software Supply Chain Security Forum” hosted by the China Academy of Information and Communications Technology (“CAICT”) was held in Beijing. Director Li Wei solemnly announced the official establishment of the "Software Supply Chain Security Lab (3S-LAB)", and announced the list of the first batch of member units of the "Software Supply Chain Security Lab". Chinasoft International is honored to be listed among them. In his speech at the forum, Deputy Director Li Wei pointed out that the security development of my country's software supply chain is faced with problems such as the need to improve the institutional system, difficult to solve the existing problems, and the need to improve the efficiency of security governance. In the context of the digital age, software is everywhere, and software supply chain security management is the core content of digital management of enterprise information systems. Therefore, software supply chain security is not only the responsibility and obligation of an enterprise, but also the key to the survival and development of an enterprise.

In recent years, in the security management of software supply chain, delivery security has always been an important content and a key link of enterprise information management. At present, Chinasoft International Huawei Business Group has successfully established a high-quality security testing and security delivery team based on the credible assessment model and credible construction, aiming at business security submission, and has gradually built a complete set of At the same time, the team has completed the horizontal support for the safe inspection of multiple products of Huawei's business group, and ensured that the products passed the ICSL inspection with high quality. The team takes the security of Huawei's products as its own responsibility, insists on safeguarding the code-level security of Huawei's software supply chain, and continues to escort the security and credibility of Huawei's ecological products.

The "Zeus Security Lab" established by Chinasoft International in September 2021 focuses on software code-level security and product security compliance. Based on security protection work, taking the industry's ecological pain points as the entry point, it enters the security segment and conducts domestic Various types of security threat research and security attack and defense drills and experiments are being carried out in the field of technology productization and field industrialization, and continue to provide tailor-made security protection solutions for new industry scenarios, new technologies and new models, and comprehensively build the industry. Digital protection security matrix, and jointly promote the establishment of a new ecology of software supply chain security.

As a key force and leader in the field of trusted security and open source ecology in China, the establishment of the "Software Supply Chain Security Lab" has far-reaching significance in the development of this field. With the development concept of "leading the industry direction, unifying communication channels, forming industry synergy, and promoting business development", the laboratory aims to unite government, industry, academia, research, and use multiple forces to build industry consensus and actively promote software supply chain security. , continuously improve the standard system, promote the rapid development of key technologies, and gradually establish a software supply chain security ecosystem to help industrial upgrading. As one of the first member units of the "Software Supply Chain Security Lab", Chinasoft International will cooperate closely with ICT in building a security tool standard system, organizing software supply chain security governance, operating credible R&D security capabilities, and promoting new ecosystems. In construction, take on more and greater responsibilities.

Based on the experience of Chinasoft International Huawei Business Group's security delivery practice, security design, security development, security testing, and security assessment for product development, system architecture, network isolation, middleware reinforcement, selection of third-party software, including logical architecture, authentication, access Chinasoft International will join hands with the "Software Supply Chain Security Laboratory" of the Academy of Information and Communications Technology to conduct more in-depth research and exploration on the evaluation methods of authorization management, transmission security, security audit, endogenous security, etc., and improve the security of the enterprise's software supply chain through practice. Management capabilities to reduce software supply chain security risks.

Today, ensuring the security of software supply chain has become a global consensus, and both domestic and international standards organizations are actively promoting the construction of software supply chain security. Guo Xue, deputy director of the Open Source and Software Security Department of the China Academy of Information and Communications Technology, said in the forum that the current software supply chain security governance is in the exploratory stage, and the enterprise software supply chain security management capability has not yet been fully established. In the future, the China Academy of Information and Communications Technology will work with the member units of the "Software Supply Chain Security Laboratory" to continue to promote research on software supply chain security technologies and frameworks, improve the standard system and series of assessments, and encourage and guide important industries to accelerate the implementation of software supply chain security work. ; Further improve the safety management system of upstream and downstream enterprises in the supply chain, and establish a secure and credible ecosystem for the software supply chain.

Chinasoft International will also start from the selection and join hands with the China Academy of Information and Communications Technology to provide more customers with comprehensive technical support, and actively participate in the ecological construction of the national software supply chain security. Domestic leading software supply chain security services, escorting national information and software securit!