https://answer.freetools.me/categories/%E5%BC%80%E6%BA%90%E5%AE%89%E5%85%A8/ Recent content in 开源安全 on Answer Hugo -- 0.152.2 zh-cn Fri, 06 Mar 2026 04:38:02 +0800 https://answer.freetools.me/%E8%BD%AF%E4%BB%B6%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB%E4%B8%80%E6%9D%A1%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%A6%82%E4%BD%95%E6%84%9F%E6%9F%93%E5%85%A8%E7%90%83%E5%8D%81%E5%85%AB%E4%B8%87%E5%8F%B0%E6%9C%8D%E5%8A%A1%E5%99%A8/ Fri, 06 Mar 2026 04:38:02 +0800 https://answer.freetools.me/%E8%BD%AF%E4%BB%B6%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB%E4%B8%80%E6%9D%A1%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%A6%82%E4%BD%95%E6%84%9F%E6%9F%93%E5%85%A8%E7%90%83%E5%8D%81%E5%85%AB%E4%B8%87%E5%8F%B0%E6%9C%8D%E5%8A%A1%E5%99%A8/ 深入剖析软件供应链攻击的技术原理与防御策略。从SolarWinds的SUNBURST后门到npm生态系统的投毒风暴，系统梳理攻击者如何利用开源生态的信任链发起致命打击。详细分析依赖混淆、typosquatting、维护者账号劫持等攻击向量，以及SLSA框架、SBOM、Sigstore等防御体系的演进历程。