CN114880718A - Open source software vulnerability management method and device based on block chain - Google Patents


Publication number
CN114880718A
Authority
CN
China
Prior art keywords
open source
source software
vulnerability
blockchain
version data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210547152.8A
Other languages
Chinese (zh)
Inventor
薛贝娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202210547152.8A priority Critical patent/CN114880718A/en
Publication of CN114880718A publication Critical patent/CN114880718A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

This specification relates to the technical field of blockchain and specifically discloses a blockchain-based open source software vulnerability management method and device. The method comprises: obtaining version data and vulnerability data corresponding to each of a plurality of open source software packages used in a target application; generating an open source software vulnerability list based on the version data and vulnerability data corresponding to each open source software package; sending the open source software vulnerability list to a blockchain network for distributed storage, wherein the blockchain network comprises a plurality of blockchain nodes, the target application comprises a plurality of modules, the blockchain nodes correspond one-to-one to the modules, and each blockchain node stores the open source software version data used in its corresponding module; polling the open source software version data stored in each of the plurality of blockchain nodes; and managing the vulnerability data in the open source software vulnerability list stored in the blockchain network according to the polling result. The scheme enables automated, unified maintenance of open source software vulnerabilities.

Description

Blockchain-based open source software vulnerability management method and device

Technical Field

This specification relates to the field of blockchain technology, and in particular to a blockchain-based open source software vulnerability management method and device.

Background

Mobile banking product code uses a large number of open source software packages. The same open source software exists in different versions, and different versions have different security vulnerabilities, all of which affect product security. Because there are so many kinds of open source software, versions, and pieces of vulnerability information, managing open source software vulnerabilities in a product is difficult, and unified maintenance is hard to achieve.

No effective solution to the above problems has yet been proposed.

Summary of the Invention

The embodiments of this specification provide a blockchain-based open source software vulnerability management method and device, to solve the prior-art problems that open source software vulnerabilities in a product are difficult to manage and difficult to maintain in a unified way.

The embodiments of this specification provide a blockchain-based open source software vulnerability management method, applied to a vulnerability management system, including:

obtaining version data and vulnerability data corresponding to each of multiple open source software packages used in a target application;

generating an open source software vulnerability list based on the version data and vulnerability data corresponding to each open source software package;

sending the open source software vulnerability list to a blockchain network for distributed storage, where the blockchain network includes multiple blockchain nodes, the target application includes multiple modules, the multiple blockchain nodes correspond one-to-one to the multiple modules, and each blockchain node is used to store the open source software version data used in its corresponding module;

polling the open source software version data stored in each of the multiple blockchain nodes;

managing, according to the polling result, the vulnerability data in the open source software vulnerability list stored in the blockchain network.

In one embodiment, the open source software vulnerability list records the version data corresponding to each of the multiple open source software packages and the vulnerability data corresponding to that version data.

In one embodiment, polling the open source software version data stored in each of the multiple blockchain nodes includes:

periodically polling the open source software version data stored in each of the multiple blockchain nodes;

compiling, from the open source software version data obtained by polling, the version data currently used by each of the multiple open source software packages.

In one embodiment, managing, according to the polling result, the vulnerability data in the open source software vulnerability list stored in the blockchain network includes:

comparing the version data currently used by each of the multiple open source software packages with the version data in the open source software vulnerability list;

when the comparison result shows that the currently used version data does not include target version data in the open source software vulnerability list, updating the vulnerability data corresponding to the target version data in the open source software vulnerability list to no vulnerability.

The embodiments of this specification provide a blockchain-based open source software vulnerability management method, applied to a blockchain network, including:

receiving an open source software vulnerability list sent by a vulnerability management system, and storing the open source software vulnerability list in a distributed manner, where the open source software vulnerability list is generated based on the version data and vulnerability data corresponding to each of multiple open source software packages used in a target application;

in response to a polling request sent by the vulnerability management system, sending to the vulnerability management system the open source version data stored in each of the multiple blockchain nodes in the blockchain network, where the target application includes multiple modules, the multiple modules correspond one-to-one to the multiple blockchain nodes, and each blockchain node is used to store the open source software version data used in its corresponding module;

receiving the polling result returned by the vulnerability management system, and managing the open source software vulnerability list stored in the blockchain network according to the polling result.

In one embodiment, the method further includes:

when the open source software used in the module corresponding to a blockchain node is upgraded, updating the open source software version data stored in that blockchain node.

The embodiments of this specification also provide a blockchain-based open source software vulnerability management device, applied to a vulnerability management system, including:

an acquisition module, configured to obtain version data and vulnerability data corresponding to each of multiple open source software packages used in a target application;

a generation module, configured to generate an open source software vulnerability list based on the version data and vulnerability data corresponding to each open source software package;

a sending module, configured to send the open source software vulnerability list to a blockchain network for distributed storage, where the blockchain network includes multiple blockchain nodes, the target application includes multiple modules, the multiple blockchain nodes correspond one-to-one to the multiple modules, and each blockchain node is used to store the open source software version data used in its corresponding module;

a polling module, configured to poll the open source software version data stored in each of the multiple blockchain nodes;

a management module, configured to manage, according to the polling result, the vulnerability data in the open source software vulnerability list stored in the blockchain network.

The embodiments of this specification also provide a blockchain-based open source software vulnerability management device, applied to a blockchain network, including:

a receiving module, configured to receive an open source software vulnerability list sent by a vulnerability management system and store the open source software vulnerability list in a distributed manner, where the open source software vulnerability list is generated based on the version data and vulnerability data corresponding to each of multiple open source software packages used in a target application;

a sending module, configured to send to the vulnerability management system, in response to a polling request sent by the vulnerability management system, the open source version data stored in each of the multiple blockchain nodes in the blockchain network, where the target application includes multiple modules, the multiple modules correspond one-to-one to the multiple blockchain nodes, and each blockchain node is used to store the open source software version data used in its corresponding module;

a management module, configured to receive the polling result returned by the vulnerability management system and manage the open source software vulnerability list stored in the blockchain network according to the polling result.

The embodiments of this specification further provide a computer device, including a processor and a memory for storing processor-executable instructions, where the processor, when executing the instructions, implements the steps of the blockchain-based open source software vulnerability management method described in any of the foregoing embodiments.

The embodiments of this specification further provide a computer-readable storage medium storing computer instructions which, when executed, implement the steps of the blockchain-based open source software vulnerability management method described in any of the foregoing embodiments.

The embodiments of this specification further provide a computer program product, including a computer program/instructions which, when executed by a processor, implement the steps of the blockchain-based open source software vulnerability management method described in any of the foregoing embodiments.

The embodiments of this specification provide a blockchain-based open source software vulnerability management method in which the vulnerability management system can obtain version data and vulnerability data corresponding to each of multiple open source software packages used in a target application, generate an open source software vulnerability list based on that version data and vulnerability data, and send the open source software vulnerability list to a blockchain network for distributed storage. The blockchain network includes multiple blockchain nodes, the target application includes multiple modules, the multiple blockchain nodes correspond one-to-one to the multiple modules, and each blockchain node is used to store the open source software version data used in its corresponding module. The vulnerability management system polls the open source software version data stored in each of the multiple blockchain nodes and, according to the polling result, manages the vulnerability data in the open source software vulnerability list stored in the blockchain network. In this scheme, sending the open source software vulnerability list to the blockchain network for distributed storage allows the list to be shared over the blockchain and also prevents the list from being maliciously tampered with. Storing the open source software version data used in each module of the target application in the corresponding blockchain node makes it possible to obtain the version data used by each module by polling the blockchain nodes, and then to manage the open source vulnerability list according to the polling result. This scheme solves the technical problem that open source software vulnerabilities in existing products are difficult to manage and difficult to maintain in a unified way, and achieves the technical effects of automated, unified maintenance of open source software vulnerabilities, lower management cost, and improved product security quality.

Description of the Drawings

The drawings described here are provided for a further understanding of this specification and form part of it; they do not limit this specification. In the drawings:

FIG. 1 shows a flowchart of a blockchain-based open source software vulnerability management method in an embodiment of this specification;

FIG. 2 shows a flowchart of a blockchain-based open source software vulnerability management method in an embodiment of this specification;

FIG. 3 shows a schematic diagram of a blockchain-based open source software vulnerability management device in an embodiment of this specification;

FIG. 4 shows a schematic diagram of a blockchain-based open source software vulnerability management device in an embodiment of this specification;

FIG. 5 shows a schematic diagram of a computer device in an embodiment of this specification.

Detailed Description

The principles and spirit of this specification are described below with reference to several exemplary embodiments. It should be understood that these embodiments are given only to enable those skilled in the art to better understand and implement this specification, and not to limit its scope in any way. Rather, these embodiments are provided so that this disclosure is thorough and complete and fully conveys the scope of the disclosure to those skilled in the art.

Those skilled in the art will appreciate that the embodiments of this specification can be implemented as a system, an apparatus or device, a method, or a computer program product. Accordingly, the present disclosure may be embodied entirely in hardware, entirely in software (including firmware, resident software, microcode, etc.), or in a combination of hardware and software.

Traditional open source software vulnerability management is still maintained in ordinary spreadsheets, and each time the vulnerabilities of a lower version are fixed, the vulnerabilities of the higher version must then be added, which is a heavy workload. In addition, traditional open source software vulnerability records are entered and maintained by hand, which is inefficient and error-prone. To solve these problems, the embodiments of this specification provide an automated open source software vulnerability management method based on blockchain technology that is more efficient and convenient and saves developers time.

On this basis, the embodiments of this specification provide a blockchain-based open source software vulnerability management method, applied to a vulnerability management system. FIG. 1 shows a flowchart of the blockchain-based open source software vulnerability management method in an embodiment of this specification. Although this specification provides method steps or device structures as shown in the following embodiments or drawings, the method or device may include more or fewer steps or module units based on conventional practice or without creative effort. For steps or structures that have no logically necessary causal relationship, the execution order of the steps or the module structure of the device is not limited to the execution order or module structure described in the embodiments of this specification and shown in the drawings. When the method or module structure is applied in an actual device or end product, it can be executed sequentially or in parallel according to the method or module structure shown in the embodiments or drawings (for example, in a parallel-processor or multi-threaded environment, or even a distributed processing environment).

Specifically, as shown in FIG. 1, the blockchain-based open source software vulnerability management method provided by an embodiment of this specification may include the following steps:

Step S101: obtain version data and vulnerability data corresponding to each of multiple open source software packages used in the target application.

The vulnerability management system may be an electronic device with computing and network interaction capabilities, or software that runs on such a device and supports data processing and network interaction.

The vulnerability management system can obtain the version data and vulnerability data corresponding to each of the multiple open source software packages used in the target application. The version data may include multiple version numbers of the open source software. The vulnerability data may include the vulnerabilities present in each version of the open source software.

The vulnerability management system can obtain the version data and vulnerability data of the multiple open source software packages used in the application from the target application's logs. The vulnerability management system can also receive, as developer input, the version data and vulnerability data of the multiple open source software packages used in the target application.

Step S102: generate an open source software vulnerability list based on the version data and vulnerability data corresponding to each open source software package.

After the version data and vulnerability data corresponding to each open source software package are obtained, the open source software vulnerability list can be generated from them.

In some embodiments of this specification, the open source software vulnerability list records the version data corresponding to each of the multiple open source software packages and the vulnerability data corresponding to that version data.

In some embodiments of this specification, the open source software vulnerability list records the version data corresponding to each of the multiple open source software packages, the vulnerability data corresponding to that version data, and the number of application modules that use that version.

Step S103: send the open source software vulnerability list to a blockchain network for distributed storage. The blockchain network includes multiple blockchain nodes, the target application includes multiple modules, the multiple blockchain nodes correspond one-to-one to the multiple modules, and each blockchain node is used to store the open source software version data used in its corresponding module.

After generating the open source software vulnerability list, the vulnerability management system can send it to the blockchain network for distributed storage, so that the list is shared within the blockchain network. Storing the open source software vulnerability list in the blockchain network prevents the list from being maliciously tampered with.

The blockchain network may include multiple blockchain nodes. The target application may include multiple modules. For example, a mobile banking application may include a credit card module, a transfer module, a wealth management module, a foreign exchange module, and so on. Blockchain nodes correspond one-to-one to modules. A blockchain node can be used to store the open source software version data used in its corresponding module. The open source software version data may include the name of the open source software and the corresponding version number.

Step S104: poll the open source software version data stored in each of the multiple blockchain nodes.

Step S105: according to the polling result, manage the vulnerability data in the open source software vulnerability list stored in the blockchain network.

The vulnerability management system can poll the open source software version data stored in each of the multiple blockchain nodes, compile statistics on the version data used by the modules of the target application, and obtain the polling result. The vulnerability management system can then manage the vulnerability data in the open source software vulnerability list stored in the blockchain network according to the polling result. For example, the vulnerability data in the vulnerability list can be updated and maintained.

In the above embodiment, sending the open source software vulnerability list to the blockchain network for distributed storage allows the list to be shared over the blockchain and also prevents the list from being maliciously tampered with. Storing the open source software version data used in each module of the target application in the corresponding blockchain node makes it possible to obtain the version data used by each module by polling the blockchain nodes, and then to manage the open source vulnerability list according to the polling result, achieving automated, unified maintenance of open source software vulnerabilities.

在本说明书一些实施例中,轮询所述多个区块链节点中各区块链节点中存储的开源软件版本数据,可以包括:定时轮询所述多个区块链节点中各区块链节点中存储的开源软件版本数据;根据轮询得到的开源软件版本数据,统计所述多个开源软件中各开源软件当前使用的版本数据。In some embodiments of this specification, polling the open source software version data stored in each of the plurality of blockchain nodes may include: periodically polling each of the plurality of blockchain nodes The open source software version data stored in the open source software; according to the open source software version data obtained by polling, statistics of the version data currently used by each open source software in the plurality of open source software.

考虑到目标应用程序中各模块使用的开源软件版本会实时更新,漏洞管理系统定时轮询多个区块链节点中各区块链节点中存储的开源软件版本数据。可以根据轮询得到的开源软件版本数据,统计所述多个开源软件中各开源软件当前使用的版本数据。之后,可以根据多个开源软件中各开源软件当前使用的版本数据对区块链网络中存储的开源软件漏洞清单进行更新管理。通过上述方式,可以实时对开源软件漏洞清单进行管理。Considering that the open source software version used by each module in the target application will be updated in real time, the vulnerability management system periodically polls the open source software version data stored in each blockchain node in multiple blockchain nodes. The version data currently used by each open source software in the plurality of open source software may be counted according to the open source software version data obtained by polling. After that, the list of open source software vulnerabilities stored in the blockchain network can be updated and managed according to the version data currently used by each open source software in the multiple open source software. In the above manner, the open source software vulnerability list can be managed in real time.

在本说明书一些实施例中,根据轮询结果,对所述区块链网络中存储的开源软件漏洞清单中的漏洞数据进行管理,可以包括:将所述多个开源软件中各开源软件当前使用的版本数据与所述开源软件漏洞清单中的版本数据进行对比;在根据对比结果确定出当前使用的版本数据不包含所述开源软件漏洞清单中目标版本数据的情况下,将所述开源软件漏洞清单中的与所述目标版本数据对应的漏洞数据更新为无漏洞。In some embodiments of this specification, according to the polling result, managing the vulnerability data in the open source software vulnerability list stored in the blockchain network may include: using each open source software currently used in the multiple open source software The version data of the open source software vulnerability list is compared with the version data in the open source software vulnerability list; if it is determined according to the comparison result that the currently used version data does not contain the target version data in the open source software vulnerability list, the open source software vulnerability list The vulnerability data in the manifest corresponding to the target version data is updated to be no vulnerability.

After the version data currently in use for each piece of open source software has been obtained, it can be compared with the version data in the open source software vulnerability list. Where the version data currently in use does not include a target version in the list, the vulnerability data corresponding to that target version can be updated to "no vulnerability". That is, once no module of the target application uses a given version of the software, the vulnerability corresponding to that version is no longer present in the target application. In this way, the open source software vulnerability list can be updated promptly, so that developers can see the current vulnerability situation quickly and directly.

The embodiments of this specification provide a blockchain-based open source software vulnerability management method applied to a blockchain network. FIG. 2 shows a flowchart of the blockchain-based open source software vulnerability management method in an embodiment of this specification.

Specifically, as shown in FIG. 2, the blockchain-based open source software vulnerability management method provided by an embodiment of this specification may include the following steps:

Step S201: receive the open source software vulnerability list sent by the vulnerability management system, and store the list in a distributed manner; the open source software vulnerability list is generated based on the version data and vulnerability data corresponding to each of a plurality of pieces of open source software used in the target application.

Step S202: in response to a polling request sent by the vulnerability management system, send to the vulnerability management system the open source version data stored in each of the plurality of blockchain nodes in the blockchain network; the target application includes a plurality of modules, the modules correspond one-to-one with the blockchain nodes, and each blockchain node stores the open source software version data used in its corresponding module.

Step S203: receive the polling result returned by the vulnerability management system, and manage the open source software vulnerability list stored in the blockchain network according to the polling result.

In the above embodiment, the open source software vulnerability list is sent to the blockchain network for distributed storage, so the blockchain can be used to share the list and to prevent it from being maliciously tampered with. The open source software version data used in each module of the target application is stored in the corresponding blockchain node, so the version data used by each module can be obtained by polling the blockchain nodes, and the vulnerability list can then be managed according to the polling result. This achieves automated, unified maintenance of open source software vulnerabilities.

In some embodiments of this specification, the open source software vulnerability management method may further include: when the open source software used in the module corresponding to a blockchain node is upgraded, updating the open source software version data stored in that blockchain node. Because the software versions used by the modules of the target application are updated in real time, when the open source software used by a module is upgraded, the version data stored in the blockchain node corresponding to that module can be updated. In this way, the open source software version data of each module stored in the blockchain nodes can be kept up to date in real time.

The embodiments in this specification are described progressively. For parts that are the same or similar across embodiments, the embodiments may be read with reference to one another, and each embodiment focuses on its differences from the others. For details, refer to the descriptions of the related processing in the foregoing embodiments, which are not repeated here.

The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the figures do not necessarily require the particular order shown, or sequential order, to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The above method is described below with reference to a specific embodiment. Note, however, that this specific embodiment serves only to better illustrate this specification and does not constitute an improper limitation of it.

The embodiments of this specification provide a blockchain-based method for managing open source software vulnerabilities in mobile banking, which can maintain open source software vulnerabilities automatically and uniformly through to their repair, saving management cost and improving product security quality. The open source software vulnerability list is placed on the blockchain, and each module of the product acts as a node; together the nodes maintain the list. Repair starts from the vulnerabilities of the lowest version of a given piece of open source software in use across the modules. When a module upgrades away from the lowest version, the current open source software version recorded in that module's node is updated. The open source software vulnerability system periodically polls the items in the vulnerability repair list; when no node has the vulnerable version any longer, the blockchain open source software vulnerability list is updated, the vulnerability is closed, and the next polling round begins, tracking the repair of the next version's vulnerabilities.

The blockchain open source software vulnerability list records the vulnerabilities present in all versions of open source software used in the current product. The open source software vulnerability management polling system polls the vulnerabilities on the blockchain open source software vulnerability list every 1 hour and automatically closes vulnerabilities that have been fixed. Among the blockchain nodes of the product sub-modules, each node records the current open source software version used by its sub-module.

For example, a mobile banking product has 20 sub-modules (such as a credit card module, a transfer module and a foreign exchange module), and these 20 sub-modules together bring in 3 pieces of open source software: open source software A, open source software B and open source software C (for illustration only; in practice the number may be in the thousands).

The released versions of open source software A are 1.1, 1.2 and 1.3; the released versions of open source software B are 2.2.1, 2.2.2 and 2.2.3; the released versions of open source software C are 3.3.1, 3.3.2 and 3.3.3. Version 1.1 of open source software A has vulnerability A1, version 1.2 has vulnerability A2, and version 1.3 has vulnerability A3. Version 2.2.1 of open source software B has vulnerability B1, version 2.2.2 has vulnerability B2, and version 2.2.3 has no vulnerability. Version 3.3.1 of open source software C has vulnerability C1, and versions 3.3.2 and 3.3.3 have no vulnerability.

Based on this, the generated open source software vulnerability management list is shown in Table 1 below. The list can be sent to the blockchain network for storage.

Table 1

Figure BDA0003653041870000101

Each sub-module of the mobile banking product is a blockchain node, and each node records the current version of the open source software used by its module. For example, the node of module 1 records version 1.1 of open source software A, the node of module 2 records version 1.2 of open source software A, and the node of module 3 records version 1.1 of open source software A, as shown in Table 2.

Table 2

Figure BDA0003653041870000102

Figure BDA0003653041870000111

Following the open source software vulnerability management list, the polling system polls every node every 1 hour for the lowest vulnerable version of each piece of open source software. If the version being polled is present in a node, the vulnerability has not been fixed.

For example, for open source software A, the lowest version in the open source software vulnerability management list is 1.1. Of the 3 sub-modules, module 1 and module 3 both use version 1.1, so the vulnerability has not been fixed.

When module 1 upgrades open source software A from version 1.1 to 1.2 and module 3 upgrades its open source software version from 1.1 to 1.3, each node updates its recorded version, as shown in Table 3.

Table 3

Module      Open source software A version
Module 1    1.2
Module 2    1.2
Module 3    1.3

When polling finds that version 1.1 of open source software A no longer exists on any node, the version 1.1 vulnerability of open source software A has been fixed. The open source software vulnerability management list is updated and the version 1.1 vulnerability of open source software A is closed. The updated list is shown in Table 4.

Table 4

Figure BDA0003653041870000112

The vulnerabilities of other open source software versions are polled in the same way. The blockchain nodes continue to be polled on a schedule, so that the open source software vulnerability status of the target application is known in real time.
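The polling round walked through in this worked example can be sketched as follows. This is an added illustration, not code from the patent: the dictionary layout of the vulnerability list and of the node records, the function names, and the choice to defer closing when a node does not answer a poll are assumptions made here; the versions and vulnerability names for open source software A are the ones given in the example.

```python
OPEN, CLOSED = "open", "no vulnerability"


def vkey(version):
    """Turn '2.2.10' into (2, 2, 10) so versions sort numerically."""
    return tuple(int(part) for part in version.split("."))


def lowest_open(vuln_list, software):
    """Lowest version of `software` whose vulnerability is still open."""
    versions = [v for (s, v), entry in vuln_list.items()
                if s == software and entry["status"] == OPEN]
    return min(versions, key=vkey) if versions else None


def poll_once(vuln_list, nodes):
    """Run one polling round over all nodes.

    vuln_list: {(software, version): {"vuln": id, "status": ...}}
    nodes:     {module name: {software: version}}; a value of None means
               the node did not answer this poll (assumption added here).
    Returns {software: (version polled, outcome)} and updates vuln_list.
    """
    results = {}
    for software in sorted({s for s, _ in vuln_list}):
        target = lowest_open(vuln_list, software)
        if target is None:
            continue  # nothing left to track for this software
        # Missing data is not evidence of absence: never close a
        # vulnerability while any node's version is unknown.
        if any(record is None for record in nodes.values()):
            results[software] = (target, "deferred")
            continue
        users = sorted(m for m, record in nodes.items()
                       if record.get(software) == target)
        if users:
            results[software] = (target, "still used by " + ", ".join(users))
        else:
            vuln_list[(software, target)]["status"] = CLOSED
            results[software] = (target, "closed")
    return results


def demo():
    # Constructed data: software A only, values from the worked example.
    vuln_list = {
        ("A", "1.1"): {"vuln": "A1", "status": OPEN},
        ("A", "1.2"): {"vuln": "A2", "status": OPEN},
        ("A", "1.3"): {"vuln": "A3", "status": OPEN},
    }
    nodes = {
        "module 1": {"A": "1.1"},
        "module 2": {"A": "1.2"},
        "module 3": {"A": "1.1"},
    }
    r1 = poll_once(vuln_list, nodes)        # 1.1 still in use

    nodes["module 1"]["A"] = "1.2"          # upgrades from Table 3
    nodes["module 3"]["A"] = "1.3"
    saved, nodes["module 2"] = nodes["module 2"], None
    r2 = poll_once(vuln_list, nodes)        # module 2 silent: defer

    nodes["module 2"] = saved
    r3 = poll_once(vuln_list, nodes)        # all nodes answer: close 1.1
    r4 = poll_once(vuln_list, nodes)        # next round tracks 1.2
    return r1, r2, r3, r4, vuln_list


if __name__ == "__main__":
    for result in demo()[:4]:
        print(result)
```

Only the lowest open version of each piece of software is examined per round, matching the order the example describes; the deferral on a silent node keeps a partial poll from marking a version as fixed.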

In the above specific embodiment, the open source software vulnerability list is shared over the blockchain and the open source software vulnerabilities of each node are polled periodically, which achieves automated maintenance of the list. In addition, sharing the vulnerability list over the blockchain prevents individual modules from modifying the list at will.

Based on the same inventive concept, the embodiments of this specification also provide a blockchain-based open source software vulnerability management device applied to a vulnerability management system, as described in the following embodiments. Because the device solves the problem on a principle similar to that of the blockchain-based open source software vulnerability management method, its implementation can refer to the implementation of the method, and repeated parts are not described again. As used below, the term "unit" or "module" may refer to a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementations in hardware, or in a combination of software and hardware, are also possible and contemplated. FIG. 3 is a structural block diagram of the blockchain-based open source software vulnerability management device according to an embodiment of this specification. As shown in FIG. 3, it includes an acquisition module 301, a generation module 302, a sending module 303, a polling module 304 and a management module 305. The structure is described below.

The acquisition module 301 is configured to obtain the version data and vulnerability data corresponding to each of a plurality of pieces of open source software used in the target application;

The generation module 302 is configured to generate an open source software vulnerability list based on the version data and vulnerability data corresponding to each piece of open source software;

The sending module 303 is configured to send the open source software vulnerability list to a blockchain network for distributed storage; the blockchain network includes a plurality of blockchain nodes, the target application includes a plurality of modules, the blockchain nodes correspond one-to-one with the modules, and each blockchain node stores the open source software version data used in its corresponding module;

The polling module 304 is configured to poll the open source software version data stored in each of the plurality of blockchain nodes;

The management module 305 is configured to manage, according to the polling result, the vulnerability data in the open source software vulnerability list stored in the blockchain network.

In some embodiments of this specification, the open source software vulnerability list records the version data corresponding to each of the plurality of pieces of open source software and the vulnerability data corresponding to that version data.

In some embodiments of this specification, the polling module may be specifically configured to: periodically poll the open source software version data stored in each of the plurality of blockchain nodes; and, based on the version data obtained by polling, compile the version data currently in use for each of the plurality of pieces of open source software.

In some embodiments of this specification, the management module may be specifically configured to: compare the version data currently in use for each of the plurality of pieces of open source software with the version data in the open source software vulnerability list; and, where the comparison shows that the version data currently in use does not include a target version in the open source software vulnerability list, update the vulnerability data corresponding to that target version in the list to "no vulnerability".

Based on the same inventive concept, the embodiments of this specification also provide a blockchain-based open source software vulnerability management device applied to a blockchain network, as described in the following embodiments. Because the device solves the problem on a principle similar to that of the blockchain-based open source software vulnerability management method, its implementation can refer to the implementation of the method, and repeated parts are not described again. As used below, the term "unit" or "module" may refer to a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented in software, implementations in hardware, or in a combination of software and hardware, are also possible and contemplated. FIG. 4 is a structural block diagram of the blockchain-based open source software vulnerability management device according to an embodiment of this specification. As shown in FIG. 4, it includes a receiving module 401, a sending module 402 and a management module 403. The structure is described below.

The receiving module 401 is configured to receive the open source software vulnerability list sent by the vulnerability management system and to store the list in a distributed manner; the open source software vulnerability list is generated based on the version data and vulnerability data corresponding to each of a plurality of pieces of open source software used in the target application.

The sending module 402 is configured to send to the vulnerability management system, in response to a polling request sent by the vulnerability management system, the open source version data stored in each of the plurality of blockchain nodes in the blockchain network; the target application includes a plurality of modules, the modules correspond one-to-one with the blockchain nodes, and each blockchain node stores the open source software version data used in its corresponding module.

The management module 403 is configured to receive the polling result returned by the vulnerability management system and to manage the open source software vulnerability list stored in the blockchain network according to the polling result.

In some embodiments of this specification, the device may further include an update module, which may be specifically configured to update the open source software version data stored in a blockchain node when the open source software used in the module corresponding to that blockchain node is upgraded.

From the above description, it can be seen that the embodiments of this specification achieve the following technical effects. A blockchain-based open source software vulnerability management method is provided in which the vulnerability management system obtains the version data and vulnerability data corresponding to each of a plurality of pieces of open source software used in the target application, generates an open source software vulnerability list from that data, and sends the list to a blockchain network for distributed storage. The blockchain network includes a plurality of blockchain nodes, the target application includes a plurality of modules, the blockchain nodes correspond one-to-one with the modules, and each blockchain node stores the open source software version data used in its corresponding module. The system polls the open source software version data stored in each blockchain node and, according to the polling result, manages the vulnerability data in the open source software vulnerability list stored in the blockchain network.

In the above scheme, the open source software vulnerability list is sent to the blockchain network for distributed storage, so the blockchain can be used to share the list and to prevent it from being maliciously tampered with. The open source software version data used in each module of the target application is stored in the corresponding blockchain node, so the version data used by each module can be obtained by polling the blockchain nodes, and the vulnerability list can then be managed according to the polling result. This scheme solves the technical problem that open source software vulnerabilities in existing products are hard to manage and hard to maintain uniformly, and achieves the technical effects of automated, unified maintenance of open source software vulnerabilities, lower management cost and improved product security quality.

The embodiments of this specification also provide a computer device. For details, see FIG. 5, a schematic diagram of the structure of a computer device for the blockchain-based open source software vulnerability management method provided by the embodiments of this specification. The computer device may include an input device 51, a processor 52 and a memory 53. The memory 53 is used to store processor-executable instructions. When the processor 52 executes the instructions, the steps of the blockchain-based open source software vulnerability management method described in any of the foregoing embodiments are implemented.

In this embodiment, the input device may be one of the main devices for exchanging information between the user and the computer system. The input device may include a keyboard, a mouse, a camera, a scanner, a light pen, a handwriting tablet, a voice input device and the like; it is used to input raw data, and the programs that process that data, into the computer. The input device can also obtain and receive data transmitted from other modules, units and devices. The processor may be implemented in any suitable manner. For example, the processor may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by that (micro)processor, logic gates, switches, an application specific integrated circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so on. The memory may be a memory device used to hold information in modern information technology. The memory can exist at several levels: in a digital system, anything that can hold binary data can be a memory; in an integrated circuit, a circuit with a storage function but no physical form of its own is also called a memory, such as RAM or a FIFO; in a system, a storage device with a physical form is also called a memory, such as a memory module or a TF card.

In this embodiment, the functions and effects implemented by the computer device can be understood by comparison with the other embodiments and are not repeated here.

The embodiments of this specification also provide a computer storage medium for the blockchain-based open source software vulnerability management method. The computer storage medium stores computer program instructions which, when executed, implement the steps of the blockchain-based open source software vulnerability management method described in any of the foregoing embodiments.

In this embodiment, the storage medium includes, but is not limited to, random access memory (RAM), read-only memory (ROM), cache, hard disk drive (HDD) or memory card. The memory may be used to store computer program instructions. The network communication unit may be an interface for network connection communication, set up according to the standard specified by a communication protocol.

In this embodiment, the functions and effects implemented by the program instructions stored in the computer storage medium can be understood by comparison with the other embodiments and are not repeated here.

The embodiments of this specification also provide a computer program product including a computer program/instructions which, when executed by a processor, implement the steps of the blockchain-based open source software vulnerability management method described in any of the foregoing embodiments.

Those skilled in the art will understand that the modules or steps of the embodiments of this specification described above can be implemented by a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases, the steps shown or described can be performed in an order different from the one given here; or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The embodiments of this specification are therefore not limited to any particular combination of hardware and software.

It should be understood that the above description is intended to illustrate, not to limit. Many embodiments and applications beyond the examples provided will be apparent to those skilled in the art on reading the above description. The scope of this specification should therefore be determined not by reference to the above description, but by reference to the preceding claims together with the full scope of equivalents to which those claims are entitled.

The above are only preferred embodiments of this specification and are not intended to limit it. For those skilled in the art, various modifications and changes may be made to the embodiments of this specification. Any modification, equivalent replacement or improvement made within the spirit and principles of this specification shall fall within its scope of protection.

Claims (11)

1. A blockchain-based open source software vulnerability management method, characterized in that it is applied to a vulnerability management system and comprises:
obtaining the version data and vulnerability data corresponding to each of multiple open source software used in a target application;
generating an open source software vulnerability list based on the version data and vulnerability data corresponding to each open source software;
sending the open source software vulnerability list to a blockchain network for distributed storage, wherein the blockchain network includes multiple blockchain nodes, the target application includes multiple modules, the multiple blockchain nodes are in one-to-one correspondence with the multiple modules, and each blockchain node is used to store the open source software version data used in its corresponding module;
polling the open source software version data stored in each of the multiple blockchain nodes;
managing, according to the polling result, the vulnerability data in the open source software vulnerability list stored in the blockchain network.

2. The open source software vulnerability management method according to claim 1, characterized in that the open source software vulnerability list records the version data corresponding to each of the multiple open source software and the vulnerability data corresponding to that version data.

3. The open source software vulnerability management method according to claim 1, characterized in that polling the open source software version data stored in each of the multiple blockchain nodes comprises:
periodically polling the open source software version data stored in each of the multiple blockchain nodes;
compiling, from the open source software version data obtained by polling, the version data currently used by each of the multiple open source software.

4. The open source software vulnerability management method according to claim 3, characterized in that managing, according to the polling result, the vulnerability data in the open source software vulnerability list stored in the blockchain network comprises:
comparing the version data currently used by each of the multiple open source software with the version data in the open source software vulnerability list;
when the comparison result shows that the currently used version data does not contain target version data in the open source software vulnerability list, updating the vulnerability data corresponding to the target version data in the open source software vulnerability list to "no vulnerability".

5. A blockchain-based open source software vulnerability management method, characterized in that it is applied to a blockchain network and comprises:
receiving an open source software vulnerability list sent by a vulnerability management system and storing the open source software vulnerability list in a distributed manner, wherein the open source software vulnerability list is generated based on the version data and vulnerability data corresponding to each of multiple open source software used in a target application;
in response to a polling request sent by the vulnerability management system, sending to the vulnerability management system the open source version data stored in each of multiple blockchain nodes in the blockchain network, wherein the target application includes multiple modules, the multiple modules are in one-to-one correspondence with the multiple blockchain nodes, and each blockchain node is used to store the open source software version data used in its corresponding module;
receiving the polling result returned by the vulnerability management system, and managing the open source software vulnerability list stored in the blockchain network according to the polling result.

6. The open source software vulnerability management method according to claim 5, characterized in that it further comprises:
when the open source software used in the module corresponding to a blockchain node is upgraded, updating the open source software version data stored in that blockchain node.

7. A blockchain-based open source software vulnerability management device, characterized in that it is applied to a vulnerability management system and comprises:
an acquisition module, used to obtain the version data and vulnerability data corresponding to each of multiple open source software used in a target application;
a generating module, used to generate an open source software vulnerability list based on the version data and vulnerability data corresponding to each open source software;
a sending module, used to send the open source software vulnerability list to a blockchain network for distributed storage, wherein the blockchain network includes multiple blockchain nodes, the target application includes multiple modules, the multiple blockchain nodes are in one-to-one correspondence with the multiple modules, and each blockchain node is used to store the open source software version data used in its corresponding module;
a polling module, used to poll the open source software version data stored in each of the multiple blockchain nodes;
a management module, used to manage, according to the polling result, the vulnerability data in the open source software vulnerability list stored in the blockchain network.

8. A blockchain-based open source software vulnerability management device, characterized in that it is applied to a blockchain network and comprises:
a receiving module, used to receive an open source software vulnerability list sent by a vulnerability management system and to store the open source software vulnerability list in a distributed manner, wherein the open source software vulnerability list is generated based on the version data and vulnerability data corresponding to each of multiple open source software used in a target application;
a sending module, used to send to the vulnerability management system, in response to a polling request sent by the vulnerability management system, the open source version data stored in each of multiple blockchain nodes in the blockchain network, wherein the target application includes multiple modules, the multiple modules are in one-to-one correspondence with the multiple blockchain nodes, and each blockchain node is used to store the open source software version data used in its corresponding module;
a management module, used to receive the polling result returned by the vulnerability management system and to manage the open source software vulnerability list stored in the blockchain network according to the polling result.

9. A computer device, characterized in that it comprises a processor and a memory for storing processor-executable instructions, wherein the processor, when executing the instructions, implements the steps of the method of any one of claims 1 to 6.

10. A computer-readable storage medium on which computer instructions are stored, characterized in that the instructions, when executed by a processor, implement the steps of the method of any one of claims 1 to 6.

11. A computer program product comprising a computer program/instructions, characterized in that the computer program/instructions, when executed by a processor, implement the steps of the method of any one of claims 1 to 6.
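
The polling and comparison steps of claims 3 and 4, as an added example that is not part of the patent text. The module, software and vulnerability names are constructed placeholders, plain dictionaries stand in for the blockchain nodes, and the refusal to clear entries while a node is unreachable is an assumption added here, not something the claims state.

```python
from collections import defaultdict

NO_VULN = "no vulnerability"

# Constructed sample data. Dictionaries stand in for blockchain nodes,
# one node per application module (claim 1).
NODES = {
    "module_a": {"libalpha": "1.2", "libbeta": "3.4"},
    "module_b": {"libalpha": "1.2"},
}

# Constructed vulnerability list: version data plus vulnerability data (claim 2).
VULN_LIST = [
    {"software": "libalpha", "version": "1.0", "vulns": ["VULN-PLACEHOLDER-1"]},
    {"software": "libalpha", "version": "1.2", "vulns": ["VULN-PLACEHOLDER-2"]},
    {"software": "libbeta", "version": "3.4", "vulns": ["VULN-PLACEHOLDER-3"]},
]


def poll_nodes(nodes):
    """Claim 3: tally the versions of each software currently in use.

    A value of None models a node that did not answer the poll.
    """
    in_use, unreachable = defaultdict(set), []
    for module, versions in nodes.items():
        if versions is None:
            unreachable.append(module)
            continue
        for software, version in versions.items():
            in_use[software].add(version)
    return in_use, unreachable


def reconcile(vuln_list, in_use, unreachable):
    """Claim 4: set entries for versions no longer in use to NO_VULN.

    Assumption added here: nothing is cleared while any node is unreachable,
    since a missing answer is not evidence that a version was retired.
    Returns a new list plus the (software, version) pairs that were cleared.
    """
    updated, cleared = [], []
    for entry in vuln_list:
        retired = entry["version"] not in in_use.get(entry["software"], set())
        if retired and not unreachable and entry["vulns"] != NO_VULN:
            entry = {**entry, "vulns": NO_VULN}
            cleared.append((entry["software"], entry["version"]))
        updated.append(entry)
    return updated, cleared


if __name__ == "__main__":
    versions, down = poll_nodes(NODES)
    print(reconcile(VULN_LIST, versions, down)[1])
```

Because the comparison treats absence from the poll as retirement, an incomplete poll would silently clear live findings; the unreachable-node guard is what prevents that.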
CN202210547152.8A 2022-05-19 2022-05-19 Open source software vulnerability management method and device based on block chain Pending CN114880718A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210547152.8A CN114880718A (en) 2022-05-19 2022-05-19 Open source software vulnerability management method and device based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210547152.8A CN114880718A (en) 2022-05-19 2022-05-19 Open source software vulnerability management method and device based on block chain

Publications (1)

Publication Number Publication Date
CN114880718A true CN114880718A (en) 2022-08-09

Family

ID=82676790

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210547152.8A Pending CN114880718A (en) 2022-05-19 2022-05-19 Open source software vulnerability management method and device based on block chain

Country Status (1)

Country Link
CN (1) CN114880718A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116032527A (en) * 2022-11-08 2023-04-28 广东广信通信服务有限公司 Cloud computing-based data security vulnerability sensing system and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109918285A (en) * 2018-12-28 2019-06-21 北京奇安信科技有限公司 A kind of safety recognizing method and device of open source software
CN111164948A (en) * 2019-06-27 2020-05-15 阿里巴巴集团控股有限公司 Managing network security vulnerabilities using blockchain networks
CN111797402A (en) * 2020-06-17 2020-10-20 北京世纪互联宽带数据中心有限公司 Method, device and storage medium for detecting software vulnerability
CN111931183A (en) * 2020-07-31 2020-11-13 中国工商银行股份有限公司 Open source software security vulnerability processing method and device
CN112380541A (en) * 2020-11-16 2021-02-19 深圳壹账通智能科技有限公司 Method and device for detecting vulnerability of intelligent contract and computer equipment
WO2021036521A1 (en) * 2019-08-30 2021-03-04 中国移动通信有限公司研究院 Information sharing method, apparatus, system, electronic device, and storage medium

Similar Documents

Publication Publication Date Title
US10275343B2 (en) Application programming interface for providing access to computing platform definitions
US10541886B2 (en) Decentralized change management based on peer devices using a blockchain
US10740081B2 (en) Methods and apparatus for software lifecycle management of a virtual computing environment
US9253265B2 (en) Hot pluggable extensions for access management system
CN110324399B (en) Incorporating cluster awareness into the facility management portal
US8738966B2 (en) Change management system and method
CN107483241B (en) Method and device for downloading upgrade mirror image version in network element upgrading process
US20130097595A1 (en) Update scanning
US20150200959A1 (en) Managing risk in multi-node automation of endpoint management
US11516070B1 (en) Method and system for diagnosing and remediating service failures
CN111221550B (en) Rule updating method and device for streaming computing and streaming computing system
US20140281664A1 (en) Method and system for determining device configuration settings
CN115469833A (en) Method and device for implementing dynamic rule engine, electronic equipment and storage medium
CN112702195A (en) Gateway configuration method, electronic device and computer readable storage medium
CN112837155B (en) Method and device for registering and executing intelligent contracts in blockchain
US9716625B2 (en) Identifying compatible system configurations
CN114880718A (en) Open source software vulnerability management method and device based on block chain
US10817512B2 (en) Standing queries in memory
CN114430894A (en) Minimize production disruptions with scanning rules engine
US20230334344A1 (en) Distributed ledger based machine-learning model management
WO2019233454A1 (en) Chain code upgrading method and device
US9288178B2 (en) Inventory updating of an internet protocol (IP) alias within a highly available computing cluster
US12028236B2 (en) Consensus driven service promotion
US20130081007A1 (en) Providing continuous application availability during application update
US20230385113A1 (en) Progress Monitoring Service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination