CN114880718A - Open source software vulnerability management method and device based on block chain - Google Patents

Open source software vulnerability management method and device based on block chain

Info

Publication number
CN114880718A
Authority
CN
China
Prior art keywords
source software
open source
vulnerability
block chain
open
Prior art date
Legal status
Pending
Application number
CN202210547152.8A
Other languages
Chinese (zh)
Inventor
薛贝娜
Current Assignee
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date
Filing date
Publication date
Application filed by Bank of China Ltd
Priority to CN202210547152.8A
Publication of CN114880718A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 8/00 Arrangements for software engineering
    • G06F 8/70 Software maintenance or management
    • G06F 8/71 Version control; Configuration management

Abstract

The specification relates to the technical field of blockchains and discloses a blockchain-based open source software vulnerability management method and device. The method comprises: obtaining version data and vulnerability data corresponding to each open source software among a plurality of open source software used in a target application; generating an open source software vulnerability list from that version data and vulnerability data; sending the list to a blockchain network for distributed storage, where the blockchain network comprises a plurality of blockchain nodes, the target application comprises a plurality of modules, the blockchain nodes correspond to the modules one to one, and each blockchain node stores the open source software version data used in its module; polling the open source software version data stored in each of the blockchain nodes; and managing the vulnerability data in the list stored in the blockchain network according to the polling result. The scheme achieves automatic, unified maintenance of open source software vulnerabilities.

Description

Open source software vulnerability management method and device based on block chain
Technical Field
The present disclosure relates to the field of blockchain technology, and in particular to a blockchain-based method and apparatus for managing vulnerabilities of open source software.
Background
The code of a mobile banking product uses a large number of open source software; the same open source software is present in different versions, different versions carry different security vulnerabilities, and all of those vulnerabilities affect product security. Because the open source software, its versions and its vulnerability information are so numerous, managing the product's open source software vulnerabilities is difficult and they are hard to maintain in a unified way.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the specification provides a method and a device for managing open-source software vulnerabilities based on a block chain, and aims to solve the problems that in the prior art, the open-source software vulnerabilities of products are difficult to manage and difficult to maintain in a unified mode.
An embodiment of the present specification provides a blockchain-based open source software vulnerability management method, applied to a vulnerability management system, which includes:
obtaining version data and vulnerability data corresponding to each open source software among a plurality of open source software used in a target application;
generating an open source software vulnerability list based on the version data and vulnerability data corresponding to each open source software;
sending the open source software vulnerability list to a blockchain network for distributed storage; the blockchain network comprises a plurality of blockchain nodes, the target application comprises a plurality of modules, the blockchain nodes correspond to the modules one to one, and each blockchain node stores the open source software version data used in its corresponding module;
polling the open source software version data stored in each of the plurality of blockchain nodes;
and managing the vulnerability data in the open source software vulnerability list stored in the blockchain network according to the polling result.
In an embodiment, the open source software vulnerability list records version data corresponding to each open source software in the open source software and vulnerability data corresponding to the version data.
In one embodiment, polling the open source software version data stored in each of the plurality of blockchain nodes comprises:
polling the open source software version data stored in each of the plurality of blockchain nodes at regular intervals;
and, from the version data obtained by polling, counting the versions currently in use for each open source software.
In one embodiment, managing the vulnerability data in the open source software vulnerability list stored in the blockchain network according to the polling result includes:
comparing the versions currently in use for each open source software with the version data in the open source software vulnerability list;
and, where the comparison shows that a target version recorded in the list is not among the versions currently in use, updating the vulnerability data corresponding to that target version in the list to "no vulnerability".
An embodiment of the present specification provides an open source software vulnerability management method based on a block chain, which is applied to a block chain network and includes:
receiving an open source software vulnerability list sent by a vulnerability management system and storing it in a distributed manner; the list is generated based on version data and vulnerability data corresponding to each open source software among a plurality of open source software used in the target application;
in response to a polling request sent by the vulnerability management system, sending the open source software version data stored in each of the plurality of blockchain nodes in the blockchain network to the vulnerability management system; the target application comprises a plurality of modules, the modules correspond to the blockchain nodes one to one, and each blockchain node stores the open source software version data used in its corresponding module;
and receiving the polling result returned by the vulnerability management system and managing the open source software vulnerability list stored in the blockchain network according to that result.
In one embodiment, the method further comprises:
when the open source software used in the module corresponding to a blockchain node is upgraded, updating the open source software version data stored in that blockchain node.
An embodiment of the present specification further provides an open source software vulnerability management apparatus based on a block chain, which is applied to a vulnerability management system, and includes:
an acquisition module for obtaining version data and vulnerability data corresponding to each open source software among a plurality of open source software used in a target application;
a generating module for generating an open source software vulnerability list based on the version data and vulnerability data corresponding to each open source software;
a sending module for sending the open source software vulnerability list to a blockchain network for distributed storage; the blockchain network comprises a plurality of blockchain nodes, the target application comprises a plurality of modules, the blockchain nodes correspond to the modules one to one, and each blockchain node stores the open source software version data used in its corresponding module;
a polling module for polling the open source software version data stored in each of the plurality of blockchain nodes;
and a management module for managing the vulnerability data in the open source software vulnerability list stored in the blockchain network according to the polling result.
An embodiment of the present specification further provides an open source software vulnerability management apparatus based on a block chain, which is applied to a block chain network, and includes:
a receiving module for receiving an open source software vulnerability list sent by a vulnerability management system and storing it in a distributed manner; the list is generated based on version data and vulnerability data corresponding to each open source software among a plurality of open source software used in the target application;
a transmitting module for responding to a polling request sent by the vulnerability management system by transmitting the open source software version data stored in each of the plurality of blockchain nodes in the blockchain network to the vulnerability management system; the target application comprises a plurality of modules, the modules correspond to the blockchain nodes one to one, and each blockchain node stores the open source software version data used in its corresponding module;
and a management module for receiving the polling result returned by the vulnerability management system and managing the open source software vulnerability list stored in the blockchain network according to that result.
An embodiment of the present specification further provides a computer device, including a processor and a memory for storing processor-executable instructions, where the processor executes the instructions to implement the steps of the block chain-based open source software vulnerability management method in any of the above embodiments.
Embodiments of the present specification further provide a computer-readable storage medium, on which computer instructions are stored, where the instructions, when executed, implement the steps of the block chain-based open source software vulnerability management method described in any of the above embodiments.
Embodiments of the present specification further provide a computer program product, which includes a computer program/instruction, and when executed by a processor, the computer program/instruction implements the steps of the block chain-based open source software vulnerability management method described in any of the above embodiments.
In an embodiment of the present specification, a blockchain-based vulnerability management method for open source software is provided. A vulnerability management system obtains version data and vulnerability data corresponding to each open source software among a plurality of open source software used in a target application, generates an open source software vulnerability list from that data, and sends the list to a blockchain network for distributed storage. The blockchain network includes a plurality of blockchain nodes, the target application includes a plurality of modules, the blockchain nodes correspond to the modules one to one, and each blockchain node stores the open source software version data used in its module. The system polls the version data stored in each blockchain node and manages the vulnerability data in the list stored in the blockchain network according to the polling result. Because the list is sent to the blockchain network for distributed storage, it can be shared through the blockchain and malicious tampering with it can be prevented; because the version data used by each module is stored in the corresponding blockchain node, the versions in use can be obtained by polling the nodes, and the list is then managed according to the polling result.
By the scheme, the technical problems that the existing open source software vulnerability of the product is difficult to manage and difficult to maintain in a unified mode are solved, and the technical effects that the open source software vulnerability is maintained in a unified mode automatically, the management cost is saved, and the product safety quality is improved are achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification, are incorporated in and constitute a part of this specification, and are not intended to limit the specification. In the drawings:
fig. 1 is a flowchart illustrating a block chain-based open source software vulnerability management method in an embodiment of the present specification;
FIG. 2 is a flowchart illustrating a block chain-based open source software vulnerability management method in an embodiment of the present specification;
FIG. 3 is a schematic diagram illustrating an apparatus for block chain-based open source software vulnerability management in an embodiment of the present specification;
FIG. 4 is a schematic diagram illustrating an apparatus for block chain-based open source software vulnerability management in an embodiment of the present specification;
FIG. 5 shows a schematic diagram of a computer device in one embodiment of the present description.
Detailed Description
The principles and spirit of the present description will be described below with reference to several exemplary embodiments. It is understood that these embodiments are given solely to enable those skilled in the art to better understand and to implement the present description, and are not intended to limit the scope of the present description in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present description may be embodied as a system, an apparatus, a method, or a computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
The traditional approach to open source software vulnerability management is still to maintain an ordinary table: each time a vulnerability in a lower version is repaired, the vulnerabilities of the higher version have to be added again, which is a large amount of work. In addition, because the table is maintained by hand, maintenance is slow and errors are easy to make. To solve these problems, embodiments of the present specification provide an automated open source software vulnerability management method based on blockchain technology, which is more efficient and convenient and saves developers' time.
Based on this, the embodiments of the present specification provide an open source software vulnerability management method based on a block chain, which is applied to a vulnerability management system. Fig. 1 shows a flowchart of an open-source software vulnerability management method based on a block chain in an embodiment of the present specification. Although the present specification provides method operational steps or apparatus configurations as illustrated in the following examples or figures, more or fewer operational steps or modular units may be included in the methods or apparatus based on conventional or non-inventive efforts. In the case of steps or structures which do not logically have the necessary cause and effect relationship, the execution sequence of the steps or the module structure of the apparatus is not limited to the execution sequence or the module structure described in the embodiments and shown in the drawings. When the described method or module structure is applied in an actual device or end product, the method or module structure according to the embodiments or shown in the drawings can be executed sequentially or executed in parallel (for example, in a parallel processor or multi-thread processing environment, or even in a distributed processing environment).
Specifically, as shown in fig. 1, an embodiment of the present specification provides a block chain-based open source software vulnerability management method, which includes the following steps:
step S101, obtaining version data and vulnerability data corresponding to each open source software in a plurality of open source software used in a target application program.
The vulnerability management system can be an electronic device with the functions of operation and network interaction; software may also be provided that runs in the electronic device to support data processing and network interaction.
The vulnerability management system can obtain version data and vulnerability data corresponding to each open source software in a plurality of open source software used in the target application program. Wherein the version data may include a plurality of version numbers of the open source software. The vulnerability data may include vulnerabilities that exist for each version of open source software.
The vulnerability management system may obtain version data and vulnerability data of a plurality of open source software used in the application from a target application log. The vulnerability management system may also receive developer input of version data and vulnerability data for a plurality of open source software used in the target application.
And S102, generating an open source software vulnerability list based on the version data and the vulnerability data corresponding to each open source software.
After the version data and the vulnerability data corresponding to each open source software are obtained, an open source software vulnerability list can be generated based on the version data and the vulnerability data.
In some embodiments of the present specification, the open source software vulnerability list records version data corresponding to each open source software in the open source software and vulnerability data corresponding to the version data.
In some embodiments of this specification, the open source software vulnerability list records, for each open source software among the plurality of open source software, the version data, the vulnerability data corresponding to each version, and the number of modules of the application that use that version.
Step S103, sending the open source software vulnerability list to a block chain network for distributed storage; the block chain network comprises a plurality of block chain nodes, the target application program comprises a plurality of modules, the plurality of block chain nodes correspond to the modules one to one, and the block chain nodes are used for storing open source software version data used in the corresponding modules.
After generating the open source software vulnerability list, the vulnerability management system may send it to the blockchain network for distributed storage, so that the list is shared within the blockchain network. Storing the list in the blockchain network prevents malicious tampering with it.
A plurality of blockchain nodes may be included in the blockchain network. The target application may include a plurality of modules therein. For example, the mobile banking application program may include: credit card module, transfer module, financing module, foreign exchange module, etc. Block chain nodes may correspond one-to-one to modules. The blockchain node may be used to store open source software version data used in the corresponding module. The open source software version data may include the name of the open source software and the corresponding version number.
And step S104, polling the open source software version data stored in each block chain node in the plurality of block chain nodes.
And S105, managing vulnerability data in the open source software vulnerability list stored in the block chain network according to the polling result.
The vulnerability management system can poll the open source software version data stored in each block chain node in the plurality of block chain nodes, so that the version data used by the modules in the target application program are counted, and a polling result is obtained. And then, the vulnerability management system can manage vulnerability data in an open source software vulnerability list stored in the blockchain network according to the polling result. For example, the vulnerability data in the vulnerability manifest may be updated and maintained.
In the embodiment, the open source software vulnerability list is sent to the blockchain network for distributed storage, the open source software vulnerability list can be shared by using the blockchain, malicious tampering of the vulnerability list can be prevented, open source software version data used by each module in a plurality of modules in the target application program are stored in the corresponding blockchain nodes, the open source software version data used by each module can be obtained by polling the blockchain nodes, and then the open source vulnerability list is managed according to the polling result, so that automatic unified maintenance of open source software vulnerabilities is realized.
In some embodiments of the present description, polling the open source software version data stored in each of the plurality of blockchain nodes may include: polling the version data stored in each blockchain node at regular intervals; and, from the version data obtained by polling, counting the versions currently in use for each open source software.
Since the open source software version used by each module in the target application can change at any time, the vulnerability management system polls the version data stored in each blockchain node at regular intervals. From the version data obtained by polling, the versions currently in use for each open source software are counted, and the open source software vulnerability list stored in the blockchain network is then updated and managed according to those versions. In this way the list is kept current to within one polling interval.
In some embodiments of the present description, managing the vulnerability data in the open source software vulnerability list stored in the blockchain network according to the polling result may include: comparing the versions currently in use for each open source software with the version data in the list; and, where the comparison shows that a target version recorded in the list is not among the versions currently in use, updating the vulnerability data corresponding to that target version to "no vulnerability".
After the versions currently in use for each open source software have been obtained, they can be compared with the version data in the open source software vulnerability list. Where the versions currently in use do not include a target version recorded in the list, the vulnerability data corresponding to that target version can be updated to "no vulnerability". That is, once no module of the target application uses a particular version, the vulnerabilities of that version no longer exist in the target application: the entry is closed for this product because the version has been dropped, not because the version itself has been fixed. In this way the list is updated promptly, and developers can see the current vulnerability situation intuitively and quickly.
The embodiment of the specification provides an open source software vulnerability management method based on a block chain, which is applied to a block chain network. Fig. 2 is a flowchart illustrating a block chain-based open-source software vulnerability management method in an embodiment of the present specification.
Specifically, as shown in fig. 2, an embodiment of the present specification provides a block chain-based open source software vulnerability management method, which includes the following steps:
step S201, receiving an open source software vulnerability list sent by a vulnerability management system, and performing distributed storage on the open source software vulnerability list; the open source software vulnerability list is generated based on version data and vulnerability data corresponding to each open source software in a plurality of open source software used in the target application program.
Step S202, in response to a polling request sent by the vulnerability management system, sending the open source software version data stored in each of the plurality of blockchain nodes in the blockchain network to the vulnerability management system; the target application comprises a plurality of modules, the modules correspond to the blockchain nodes one to one, and each blockchain node stores the open source software version data used in its corresponding module.
Step S203, receiving a polling result returned by the vulnerability management system, and managing an open source software vulnerability list stored in the block chain network according to the polling result.
In the embodiment, the open source software vulnerability list is sent to the blockchain network for distributed storage, the open source software vulnerability list can be shared by using the blockchain, malicious tampering of the vulnerability list can be prevented, open source software version data used by each module in a plurality of modules in the target application program are stored in the corresponding blockchain nodes, the open source software version data used by each module can be obtained by polling the blockchain nodes, and then the open source vulnerability list is managed according to the polling result, so that automatic unified maintenance of open source software vulnerabilities is realized.
In some embodiments of the present description, the method may further include: when the open source software used in the module corresponding to a blockchain node is upgraded, updating the open source software version data stored in that blockchain node. Since the software versions used by the modules of the target application change over time, the version data stored in the blockchain node corresponding to a module is updated whenever that module's open source software is upgraded. In this way the version data of each module stored in the blockchain nodes is kept current.
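The blockchain-side steps S201 to S203 and the node-update embodiment, as an added Python example that is not code from the specification: one replica of the storage is modelled as an append-only hash chain holding the vulnerability list and the per-module version records; an upgrade appends a new record rather than editing the old one, a poll returns the newest record per module, and the two ways a stored record can be tampered with are shown. The record layout, the SHA-256 chaining, and the sample records are assumptions made here; the specification does not say how its blockchain network is built.

```python
import copy
import hashlib
import json


def block_hash(index, prev_hash, record):
    """SHA-256 over canonical JSON of (index, previous hash, record)."""
    payload = json.dumps([index, prev_hash, record], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class Ledger:
    """Append-only hash chain standing in for one node's copy of the blockchain
    storage. Consensus and signatures are out of scope; the point is what an
    in-place edit of a stored record does to the chain."""

    GENESIS = "0" * 64

    def __init__(self):
        self.blocks = []

    def append(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        index = len(self.blocks)
        self.blocks.append({"index": index, "prev_hash": prev, "record": record,
                            "hash": block_hash(index, prev, record)})
        return index

    def verify(self):
        """Recheck every hash and link; index of the first bad block, or -1 if intact."""
        prev = self.GENESIS
        for blk in self.blocks:
            if blk["prev_hash"] != prev or blk["hash"] != block_hash(blk["index"], prev, blk["record"]):
                return blk["index"]
            prev = blk["hash"]
        return -1

    def tip(self):
        return self.blocks[-1]["hash"] if self.blocks else self.GENESIS

    def poll_versions(self):
        """S202: answer a poll with the latest version record of every module."""
        latest = {}
        for blk in reversed(self.blocks):
            rec = blk["record"]
            if rec["kind"] == "node_version" and rec["module"] not in latest:
                latest[rec["module"]] = rec["versions"]
        return latest


def rewrite_from(ledger, index, record):
    """Attacker holding one replica: replace a record and recompute every later
    hash so that verify() on this replica alone still passes."""
    ledger.blocks[index]["record"] = record
    prev = ledger.blocks[index - 1]["hash"] if index else Ledger.GENESIS
    for blk in ledger.blocks[index:]:
        blk["prev_hash"] = prev
        blk["hash"] = block_hash(blk["index"], prev, blk["record"])
        prev = blk["hash"]


def demo():
    """Records: the vulnerability list (S201) and per-module version data, which is
    appended again when a module upgrades (node-update embodiment). The sample
    records are constructed for this example."""
    honest = Ledger()
    honest.append({"kind": "vuln_list", "entries": {"A": {"1.1": ["A1"], "1.2": ["A2"], "1.3": ["A3"]}}})
    honest.append({"kind": "node_version", "module": "transfer", "versions": {"A": "1.1"}})
    honest.append({"kind": "node_version", "module": "credit_card", "versions": {"A": "1.2"}})
    honest.append({"kind": "node_version", "module": "transfer", "versions": {"A": "1.3"}})  # upgrade
    polled = honest.poll_versions()  # newest record per module

    # 1. In-place edit of a historical record: its stored hash no longer matches.
    edited = copy.deepcopy(honest)
    edited.blocks[1]["record"]["versions"]["A"] = "1.3"
    first_bad = edited.verify()

    # 2. Full rewrite with recomputed hashes: this lone replica verifies, but its
    #    tip differs from the honest replicas, which is what distributed storage catches.
    rewritten = copy.deepcopy(honest)
    rewrite_from(rewritten, 1, {"kind": "node_version", "module": "transfer", "versions": {"A": "1.3"}})
    return polled, first_bad, rewritten.verify(), honest.tip() != rewritten.tip()
```

An in-place edit breaks the stored hash and is caught by verify(). A rewrite that recomputes every later hash passes verification on that single replica; it is detectable only because the other nodes hold copies whose tip hash differs, which is the property the specification's distributed storage relies on when it says the list cannot be maliciously tampered with. The chain vouches for nothing about the content of a record: a module that writes the wrong version into its node record is stored just as faithfully, so the closure decisions made from polled data are only as good as what each node reports.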
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. For details, reference may be made to the description of the related embodiments of the related processing, and details are not repeated herein.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above method is described below with reference to a specific example, however, it should be noted that the specific example is only for better describing the present specification and should not be construed as an undue limitation on the present specification.
The embodiment of the specification provides a method for managing the open source software vulnerabilities of a mobile banking product based on blockchain technology, which realizes automatic, unified maintenance and complete repair of open source software vulnerabilities, saves management cost, and improves the security quality of the product. When no node still uses a vulnerable version, the blockchain open source software vulnerability list is updated, the vulnerability is closed, the next polling round starts, and repair of the next version is tracked.
The blockchain open source software vulnerability list records the vulnerabilities of all versions of the open source software used in the current product. The open source software vulnerability management polling system polls the vulnerabilities in the blockchain open source software vulnerability list every hour and automatically closes those that have been repaired. Among the blockchain nodes of the product sub-modules, each node records the open source software versions currently used by its sub-module.
For example, there are 20 sub-modules (such as credit card module, transfer module, foreign exchange module, etc.) in a mobile banking product, and the 20 sub-modules introduce 3 open source software: open source software a, open source software B, open source software C (for example only, the actual number may be thousands).
The versions of the open source software A are 1.1, 1.2 and 1.3, the versions of the open source software B are 2.2.1, 2.2.2 and 2.2.3, and the versions of the open source software C are 3.3.1, 3.3.2 and 3.3.3. The 1.1 version of the open source software A has a vulnerability A1, the 1.2 version has a vulnerability A2, and the 1.3 version has a vulnerability A3. The 2.2.1 version of the open source software B has a vulnerability B1, the 2.2.2 version has a vulnerability B2, and the 2.2.3 version has no vulnerability. The 3.3.1 version of the open source software C has a vulnerability C1, the 3.3.2 version has no vulnerability, and the 3.3.3 version has no vulnerability.
Based on this, the generated open source software vulnerability management list is shown in Table 1 below. The open source software vulnerability management list can be sent to the blockchain network for storage.
TABLE 1
Open source software   Version   Vulnerability
A                      1.1       A1
A                      1.2       A2
A                      1.3       A3
B                      2.2.1     B1
B                      2.2.2     B2
B                      2.2.3     No vulnerability
C                      3.3.1     C1
C                      3.3.2     No vulnerability
C                      3.3.3     No vulnerability
Each sub-module of the mobile banking product is a blockchain node, and each node records the current version of the open source software used by its module. For example, the node of module 1 records that the version of open source software A is 1.1, the node of module 2 records that the version of open source software A is 1.2, and the node of module 3 records that the version of open source software A is 1.1, as shown in Table 2.
TABLE 2
Module     Version of open source software A
Module 1   1.1
Module 2   1.2
Module 3   1.1
The open source software vulnerability management polling system polls each node every hour, starting from the lowest vulnerable version recorded in the open source software vulnerability management list; if that version is still recorded by any node, the vulnerability has not been repaired.
For example, if the lowest version of open source software A in the vulnerability management list is 1.1, and among the 3 sub-modules both module 1 and module 3 use version 1.1, the vulnerability of version 1.1 has not been repaired.
When module 1 upgrades open source software A from 1.1 to 1.2 and module 3 upgrades open source software A from 1.1 to 1.3, each node updates its own version record, as shown in Table 3.
TABLE 3
Module     Version of open source software A
Module 1   1.2
Module 2   1.2
Module 3   1.3
At the next poll, no node uses version 1.1 of open source software A any more, so the vulnerability of version 1.1 is considered repaired: the vulnerability management list for open source software A is updated and the version 1.1 vulnerability is closed. The updated vulnerability management list for open source software A is shown in Table 4.
TABLE 4
Open source software   Version   Vulnerability
A                      1.1       No vulnerability (closed)
A                      1.2       A2
A                      1.3       A3
The vulnerabilities of the other open source software versions are polled in the same way. By polling the blockchain nodes continuously and periodically, the open source software vulnerability status of the target application program is known in real time.
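The polling and management steps of the worked example above (Tables 1 to 4), and of the polling and management modules described later, as an added Python model that is not part of the patent. The blockchain network is stood in for by plain dictionaries, dotted versions are ordered numerically, and the B and C versions recorded per module are constructed here because Table 2 only lists software A; the model also generalizes to further polling rounds, closing the next version once it is no longer in use.

```python
"""Model of the polling-based maintenance of an open source software vulnerability list.

Added example, not the patent's code. The "blockchain" is replaced by in-memory
dictionaries; only the list/poll/compare/close logic of the text is modelled.
"""
from __future__ import annotations

from dataclasses import dataclass

NO_VULNERABILITY = None  # the list marks a clean or closed version as "no vulnerability"


@dataclass
class VulnerabilityList:
    """Table 1: software -> version -> vulnerability id, or None when there is none."""
    entries: dict[str, dict[str, str | None]]

    def close(self, software: str, version: str) -> None:
        """Mark a version as repaired: its entry becomes 'no vulnerability' (Table 4)."""
        self.entries[software][version] = NO_VULNERABILITY


@dataclass
class ModuleNode:
    """One blockchain node per product sub-module, recording the versions it uses."""
    name: str
    versions: dict[str, str]  # software -> version currently in use

    def upgrade(self, software: str, new_version: str) -> None:
        """Node-side update when the module upgrades a dependency (Table 3)."""
        self.versions[software] = new_version


def version_key(version: str) -> tuple[int, ...]:
    """Order dotted versions numerically, so that '1.10' sorts after '1.9'."""
    return tuple(int(part) for part in version.split("."))


def poll_nodes(nodes: list[ModuleNode]) -> dict[str, set[str]]:
    """Polling step: collect, per software, every version reported by any node."""
    in_use: dict[str, set[str]] = {}
    for node in nodes:
        for software, version in node.versions.items():
            in_use.setdefault(software, set()).add(version)
    return in_use


def manage_list(vuln_list: VulnerabilityList,
                in_use: dict[str, set[str]]) -> list[tuple[str, str, str]]:
    """Management step as the text describes it.

    For each software, look at the lowest listed version that still carries a
    vulnerability. If no node reports that version any more it is closed; if any
    node still uses it, it stays open and higher versions wait for the next poll.
    Returns the (software, version, vulnerability) triples closed this round.
    """
    closed: list[tuple[str, str, str]] = []
    for software, versions in vuln_list.entries.items():
        reported = in_use.get(software)
        if not reported:
            # Added safeguard (not in the text): if no node reported this software
            # at all, treat the result as unknown rather than as "repaired".
            continue
        open_versions = sorted((v for v, vid in versions.items() if vid is not NO_VULNERABILITY),
                               key=version_key)
        if open_versions and open_versions[0] not in reported:
            lowest = open_versions[0]
            closed.append((software, lowest, versions[lowest]))
            vuln_list.close(software, lowest)
    return closed


def build_table1() -> VulnerabilityList:
    """The vulnerability list of the worked example (Table 1)."""
    return VulnerabilityList({
        "A": {"1.1": "A1", "1.2": "A2", "1.3": "A3"},
        "B": {"2.2.1": "B1", "2.2.2": "B2", "2.2.3": None},
        "C": {"3.3.1": "C1", "3.3.2": None, "3.3.3": None},
    })


def build_table2() -> list[ModuleNode]:
    """Node records of Table 2 for software A; the B and C versions are constructed."""
    return [
        ModuleNode("Module 1", {"A": "1.1", "B": "2.2.1", "C": "3.3.1"}),
        ModuleNode("Module 2", {"A": "1.2", "B": "2.2.2", "C": "3.3.2"}),
        ModuleNode("Module 3", {"A": "1.1", "B": "2.2.3", "C": "3.3.3"}),
    ]


def run_worked_example() -> tuple[list, list, VulnerabilityList]:
    """Replay Tables 2 -> 3 -> 4; returns (round-1 closures, round-2 closures, final list)."""
    vuln_list = build_table1()
    nodes = build_table2()
    first = manage_list(vuln_list, poll_nodes(nodes))   # 1.1 still in use: nothing closes
    nodes[0].upgrade("A", "1.2")                        # Module 1: 1.1 -> 1.2
    nodes[2].upgrade("A", "1.3")                        # Module 3: 1.1 -> 1.3
    second = manage_list(vuln_list, poll_nodes(nodes))  # no node left on 1.1: A1 closes
    return first, second, vuln_list


if __name__ == "__main__":
    first, second, final = run_worked_example()
    print("round 1 closed:", first)
    print("round 2 closed:", second)
    print("Table 4 (A):", final.entries["A"])
```

Running the block prints the round-by-round closures; version 1.2 stays open because module 2 still uses it, which is exactly the Table 4 state.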
In this embodiment, the open source software vulnerability list is shared through the blockchain and the open source software versions of all nodes are polled periodically, so the vulnerability list is maintained automatically; in addition, because the list is shared through the blockchain, no individual module can arbitrarily modify it.
Based on the same inventive concept, an embodiment of the present specification further provides a block chain-based open-source software vulnerability management apparatus, which is applied to a vulnerability management system, as described in the following embodiments. Because the principle of solving the problem of the open-source software vulnerability management device based on the block chain is similar to that of the open-source software vulnerability management method based on the block chain, the implementation of the open-source software vulnerability management device based on the block chain can refer to the implementation of the open-source software vulnerability management method based on the block chain, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated. Fig. 3 is a block diagram of a structure of an open-source software vulnerability management apparatus based on a blockchain according to an embodiment of the present specification, as shown in fig. 3, including: the following describes the configuration of the acquisition module 301, the generation module 302, the transmission module 303, the polling module 304, and the management module 305.
The obtaining module 301 is configured to obtain version data and vulnerability data corresponding to each open source software in multiple open source software used in the target application program;
the generating module 302 is configured to generate an open-source software vulnerability list based on the version data and the vulnerability data corresponding to each open-source software;
the sending module 303 is configured to send the open source software vulnerability list to a block chain network for distributed storage; the block chain network comprises a plurality of block chain nodes, the target application program comprises a plurality of modules, the plurality of block chain nodes correspond to the modules one by one, and the block chain nodes are used for storing open source software version data used in the corresponding modules;
the polling module 304 is configured to poll the open-source software version data stored in each of the blockchain nodes;
the management module 305 is configured to manage vulnerability data in an open source software vulnerability list stored in the blockchain network according to the polling result.
In some embodiments of the present specification, the open source software vulnerability list records version data corresponding to each open source software in the open source software and vulnerability data corresponding to the version data.
In some embodiments of the present description, the polling module may be specifically configured to: polling the open source software version data stored in each block chain node in the plurality of block chain nodes at fixed time; and according to the open source software version data obtained by polling, counting the version data currently used by each open source software in the open source software.
In some embodiments of the present description, the management module may be specifically configured to: comparing the currently used version data of each open source software in the open source software with the version data in the open source software vulnerability list; and under the condition that the currently used version data does not contain the target version data in the open source software vulnerability list according to the comparison result, updating the vulnerability data corresponding to the target version data in the open source software vulnerability list into no vulnerability.
Based on the same inventive concept, an embodiment of the present specification further provides a device for managing an open-source software vulnerability based on a blockchain, which is applied to a blockchain network, as described in the following embodiments. Because the principle of solving the problem of the open-source software vulnerability management device based on the block chain is similar to that of the open-source software vulnerability management method based on the block chain, the implementation of the open-source software vulnerability management device based on the block chain can refer to the implementation of the open-source software vulnerability management method based on the block chain, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware or a combination of software and hardware is also possible and contemplated. Fig. 4 is a block diagram of a structure of an open-source software vulnerability management apparatus based on a blockchain according to an embodiment of the present specification, as shown in fig. 4, including: the following describes the configuration of the receiving module 401, the transmitting module 402, and the management module 403.
The receiving module 401 is configured to receive an open source software vulnerability list sent by a vulnerability management system, and perform distributed storage on the open source software vulnerability list; the open source software vulnerability list is generated based on version data and vulnerability data corresponding to each open source software in a plurality of open source software used in the target application program.
The sending module 402 is configured to send, to the vulnerability management system, the open source software version data stored in each of a plurality of blockchain nodes in the blockchain network in response to a polling request sent by the vulnerability management system; the target application program comprises a plurality of modules, the modules correspond to the blockchain nodes one by one, and each blockchain node is used for storing the open source software version data used in the corresponding module.
The management module 403 is configured to receive a polling result returned by the vulnerability management system, and manage an open source software vulnerability list stored in the blockchain network according to the polling result.
In some embodiments of the present specification, the apparatus may further include an updating module, where the updating module may be specifically configured to update the open source software version data stored in the block chain node when the open source software used in the module corresponding to the block chain node is updated.
From the above description, it can be seen that the embodiments of the present specification achieve the following technical effects. The vulnerability management system acquires version data and vulnerability data corresponding to each open source software among a plurality of open source software used in a target application program, generates an open source software vulnerability list based on that version data and vulnerability data, and sends the list to a blockchain network for distributed storage. The blockchain network includes a plurality of blockchain nodes, the target application program includes a plurality of modules, the blockchain nodes correspond to the modules one by one, and each blockchain node stores the open source software version data used in its corresponding module. The vulnerability management system polls the open source software version data stored in each blockchain node and manages the vulnerability data in the open source software vulnerability list stored in the blockchain network according to the polling result. In this scheme, because the open source software vulnerability list is sent to the blockchain network for distributed storage, it can be shared through the blockchain and malicious tampering with it can be prevented; because the open source software version data used by each module is stored in its corresponding blockchain node, the version data used by each module can be obtained by polling the nodes, and the open source software vulnerability list is then managed according to the polling result.
By the scheme, the technical problems that the existing open source software vulnerability of the product is difficult to manage and difficult to maintain in a unified mode are solved, and the technical effects that the open source software vulnerability is maintained in a unified mode automatically, the management cost is saved, and the product safety quality is improved are achieved.
The embodiment of the present specification further provides a computer device, which may specifically refer to a schematic structural diagram of a computer device based on the block chain-based open source software vulnerability management method provided in the embodiment of the present specification, shown in fig. 5, where the computer device may specifically include an input device 51, a processor 52, and a memory 53. Wherein the memory 53 is configured to store processor-executable instructions. The processor 52, when executing the instructions, implements the steps of the block chain-based open source software vulnerability management method described in any of the embodiments above.
In this embodiment, the input device may be one of the main apparatuses for information exchange between a user and a computer system. The input device may include a keyboard, a mouse, a camera, a scanner, a light pen, a handwriting input board, a voice input device, etc.; the input device is used to input raw data and a program for processing the data into the computer. The input device can also acquire and receive data transmitted by other modules, units and devices. The processor may be implemented in any suitable way. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The memory may in particular be a memory device used in modern information technology for storing information. The memory may include multiple levels, and in a digital system, the memory may be any memory as long as it can store binary data; in an integrated circuit, a circuit without a physical form and with a storage function is also called a memory, such as a RAM, a FIFO and the like; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card and the like.
In this embodiment, the functions and effects of the specific implementation of the computer device can be explained in comparison with other embodiments, and are not described herein again.
The present specification further provides a computer storage medium of an open source software vulnerability management method based on a block chain, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the steps of the open source software vulnerability management method based on a block chain in any of the above embodiments are implemented.
In the present embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk Drive (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer storage medium can be explained by comparing with other embodiments, and are not described herein again.
Embodiments of the present specification further provide a computer program product, which includes a computer program/instruction, and when executed by a processor, the computer program/instruction implements the steps of the block chain-based open source software vulnerability management method described in any of the above embodiments.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the present specification described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed over a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different from that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, embodiments of the present description are not limited to any specific combination of hardware and software.
It is to be understood that the above description is intended to be illustrative, and not restrictive. Many embodiments and many applications other than the examples provided will be apparent to those of skill in the art upon reading the above description. The scope of the description should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
The above description is only a preferred embodiment of the present disclosure, and is not intended to limit the present disclosure, and it will be apparent to those skilled in the art that various modifications and variations can be made in the embodiment of the present disclosure. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present specification shall be included in the protection scope of the present specification.

Claims (11)

1. An open source software vulnerability management method based on a block chain is characterized by being applied to a vulnerability management system and comprising the following steps:
obtaining version data and vulnerability data corresponding to each open source software in a plurality of open source software used in a target application program;
generating an open source software vulnerability list based on the version data and the vulnerability data corresponding to each open source software;
sending the open source software vulnerability list to a block chain network for distributed storage; the block chain network comprises a plurality of block chain nodes, the target application program comprises a plurality of modules, the plurality of block chain nodes correspond to the modules one by one, and the block chain nodes are used for storing open source software version data used in the corresponding modules;
polling open source software version data stored in each of the plurality of blockchain nodes;
and managing vulnerability data in an open source software vulnerability list stored in the blockchain network according to the polling result.
2. The open-source software vulnerability management method according to claim 1, wherein the open-source software vulnerability list records version data corresponding to each open-source software in the plurality of open-source software and vulnerability data corresponding to the version data.
3. The open-source software vulnerability management method of claim 1, wherein polling open-source software version data stored in each of the plurality of blockchain nodes comprises:
polling the open source software version data stored in each block chain node in the plurality of block chain nodes at fixed time;
and according to the open source software version data obtained by polling, counting the version data currently used by each open source software in the open source software.
4. The open-source software vulnerability management method according to claim 3, wherein managing vulnerability data in the open-source software vulnerability manifest stored in the blockchain network according to polling results comprises:
comparing the currently used version data of each open source software in the open source software with the version data in the open source software vulnerability list;
and under the condition that the currently used version data does not contain the target version data in the open source software vulnerability list according to the comparison result, updating the vulnerability data corresponding to the target version data in the open source software vulnerability list into no vulnerability.
5. An open source software vulnerability management method based on a block chain is characterized by being applied to a block chain network and comprising the following steps:
receiving an open source software vulnerability list sent by a vulnerability management system, and performing distributed storage on the open source software vulnerability list; the open source software vulnerability list is generated based on version data and vulnerability data corresponding to each open source software in a plurality of open source software used in the target application program;
responding to a polling request sent by the vulnerability management system, and sending open source software version data stored in each blockchain node in a plurality of blockchain nodes in the blockchain network to the vulnerability management system; the target application program comprises a plurality of modules, the modules correspond to the blockchain nodes one by one, and each blockchain node is used for storing open source software version data used in the corresponding module;
and receiving a polling result returned by the vulnerability management system, and managing an open source software vulnerability list stored in the block chain network according to the polling result.
6. The open-source software vulnerability management method of claim 5, further comprising:
and under the condition that the open source software used in the module corresponding to a blockchain node is upgraded, updating the open source software version data stored in the blockchain node.
7. An open source software vulnerability management apparatus based on a blockchain, characterized in that it is applied to a vulnerability management system and comprises:
an acquisition module, used for acquiring version data and vulnerability data corresponding to each open source software in a plurality of open source software used in a target application program;
the generating module is used for generating an open source software vulnerability list based on the version data and the vulnerability data corresponding to each open source software;
the sending module is used for sending the open source software vulnerability list to a block chain network for distributed storage; the block chain network comprises a plurality of block chain nodes, the target application program comprises a plurality of modules, the plurality of block chain nodes correspond to the modules one by one, and the block chain nodes are used for storing open source software version data used in the corresponding modules;
the polling module is used for polling open-source software version data stored in each block chain node in the plurality of block chain nodes;
and the management module is used for managing vulnerability data in the open source software vulnerability list stored in the block chain network according to the polling result.
8. An open source software vulnerability management apparatus based on a blockchain, characterized in that it is applied to a blockchain network and comprises:
the receiving module is used for receiving an open source software vulnerability list sent by a vulnerability management system and performing distributed storage on the open source software vulnerability list; the open source software vulnerability list is generated based on version data and vulnerability data corresponding to each open source software in a plurality of open source software used in the target application program;
the transmitting module is used for responding to a polling request sent by the vulnerability management system and transmitting the open source software version data stored in each blockchain node in a plurality of blockchain nodes in the blockchain network to the vulnerability management system; the target application program comprises a plurality of modules, the modules correspond to the blockchain nodes one by one, and each blockchain node is used for storing open source software version data used in the corresponding module;
and the management module is used for receiving a polling result returned by the vulnerability management system and managing an open source software vulnerability list stored in the block chain network according to the polling result.
9. A computer device comprising a processor and a memory for storing processor-executable instructions that, when executed by the processor, implement the steps of the method of any one of claims 1 to 6.
10. A computer-readable storage medium having stored thereon computer instructions, which when executed by a processor, implement the steps of the method of any one of claims 1 to 6.
11. A computer program product comprising computer programs/instructions, characterized in that the computer programs/instructions, when executed by a processor, implement the steps of the method of any of claims 1 to 6.
CN202210547152.8A 2022-05-19 2022-05-19 Open source software vulnerability management method and device based on block chain Pending CN114880718A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210547152.8A CN114880718A (en) 2022-05-19 2022-05-19 Open source software vulnerability management method and device based on block chain

Publications (1)

Publication Number Publication Date
CN114880718A true CN114880718A (en) 2022-08-09

Family

ID=82676790

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116032527A (en) * 2022-11-08 2023-04-28 广东广信通信服务有限公司 Cloud computing-based data security vulnerability sensing system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination