NISSTC to Regulate the Security Evaluation for Open Source Code of Software Products
2023-04-28 Published by:Editor

On April 11, China’s National Information Security Standardization Technical Committee (NISSTC) released the Information Security Technology - Evaluation Method for Open Source Code Security of Software Products (Draft for Comment) (the "Draft") for public consultation by June 9, 2023.

The Draft specifies the goals, indicator system, and evaluation method for security evaluation for open source code of software products. The evaluation indicator system involves sources of open source code, quality of open source code, intellectual property rights to open source code, and open source code management capabilities. The Draft stipulates that, the evaluation process mainly includes four stages: evaluation preparation, plan formulation, on-site implementation, and analysis and assessment. The party conducting the evaluation should comprehensively adopt the basic evaluation methods, such as interview, inspection, and test, during the security evaluation of open source code to verify whether the evaluation materials provided by the party being evaluated meet the requirements of under the indicators. The Draft also requires the party being evaluated to ensure the security of the open source code contained in its software products according to the actual conditions of the industry and its enterprise scale, and based on the evaluation system and rules.

(Source: China’s National Information Security Standardization Technical Committee)

The Watson & Band website is intended for informational purposes only. Nothing in this site is to be construed as creating an attorney-client relationship between the reader and Watson & Band or as offering legal advice on any specific matter. Since we are not providing legal advice through this website, you should not act upon any information that you might receive here without first seeking professional counsel. No client or other reader should act or refrain from acting on the basis of any information contained in the Watson & Band website without seeking appropriate legal or other professional advice based on the particular facts and circumstances at issue.

© Copyright 2000-2015 All Rights Reserved | Shanghai ICP for 15028801 Privacy Policy | User Feedback

沪公网安备 31010402001317号