
Strengthening the Software Supply Chain With SBOM

News date: 2024-08-13

[Executive Corner] Approximately 70 percent of South Korean companies involved in software development use open-source software (OSS), according to the Korea National IT Industry Promotion Agency. OSS is easily accessible and can be utilized by users worldwide through online platforms like GitHub, enabling developers to create, develop, manage and share code. While OSS offers numerous benefits – from cost effectiveness to customizability and flexibility – it also presents significant drawbacks, including the prevalence of malicious code and security vulnerabilities that can spread rapidly.

The global use of OSS has increased, not only on the web and in various applications but also in software embedded in home appliances and telecommunications equipment. As its adoption has spread, new threats to digital products and online services have emerged and multiplied. Cybersecurity incidents now occur daily, with the software supply chain being a common target for cyberattacks. According to PwC’s 2024 Global Digital Trust Insights survey, the proportion of companies experiencing data breaches costing more than USD one million has risen from 27 percent to 36 percent year-over-year.*

To prevent and defend against cyberattacks, various efforts are being made to ramp up software supply chain security, particularly in the U.S. and Europe. The U.S. government has mandated that any company contracted to supply software to a federal agency must submit a self-attestation form confirming compliance with safe software development practices. Similarly, the European Union has proposed a bill mandating the submission of a “software bill of materials” (SBOM). An SBOM is a comprehensive list of the components within a software resource and has emerged as an effective means to enhance supply chain security.

The Korean government is also actively responding to the rise in advanced cyberattacks targeting software supply chains. Earlier this year, Korea’s Digital Platform Government Committee, along with the Ministry of Science and ICT and the National Intelligence Service, created the ‘Software Supply Chain Security Guidelines 1.0.’

These guidelines contain detailed information on minimum SBOM requirements, software security vulnerability inspection criteria, the use of government-supported test beds, and how to specify and utilize software components. Easy to use and follow, the guidelines also include cases verified through last year’s demonstration project for field application, organized by the Korean government.

Large companies, including LG Electronics, are addressing software security vulnerabilities with their own SBOM tools and management procedures. In today’s business environment, software development typically involves the use of OSS and a collaborative system involving multiple partner companies. To ensure the security of the entire software supply chain, it is crucial that each participant plays their role well – taking all necessary steps and using all available tools to prevent security breaches.

For this reason, LG is helping other companies to effectively manage SBOM by releasing the source code of FOSSLight – LG’s in-house developed SBOM tool. FOSSLight can accurately detect a specific piece of OSS, monitor it for security vulnerabilities and retrieve any associated licenses. As a project for open source governance, FOSSLight consists of FOSSLight Hub, an integrated system for managing open source, and FOSSLight Scanner, which analyzes open source.

LG’s commitment to ensuring security isn’t anything new. At CES 2024, LG CEO William Cho redefined AI as ‘Affectionate Intelligence’ and shared the company’s aspiration to pursue Responsible Intelligence. LG Shield, the company’s AI-based security system, will be applied to every aspect of customer-data collection, storage and usage, and will also be used to protect the software supply chain.

Ultimately, SBOM enhances an organization’s ability to identify and respond to software security vulnerabilities in advance. In addition to preventing organizational information, digital infrastructure, and customer data from being compromised, SBOM can also improve the overall quality of the software used by companies. Furthermore, because it promotes greater transparency in the software supply chain, SBOM is expected to play an important role in strengthening reliability in overseas markets.

This effort was prominently featured in a panel discussion at the OECD Global Forum on Digital Security for Prosperity in July. The panel, titled “Open-source software and vulnerability treatment,” delved into the specific challenges and solutions related to open source software vulnerabilities. The discussion highlighted how both proprietary and open-source software are affected by the reality that increased code complexity often results in more vulnerabilities. The session provided an in-depth exploration of the unique aspects of open-source software and its ecosystem in addressing these issues.

In the future, we hope that the adoption of SBOM will increase throughout the ICT industry, bringing about a safer and more transparent OSS ecosystem that benefits all companies.

By Kim Kyoung-ae, Open Source Task Leader of Software Engineering R&D Lab. at LG Electronics



