Strengthening the Software Supply Chain With SBOM

Date: 2024-08-13

[Executive Corner] Approximately 70 percent of South Korean companies involved in software development use open-source software (OSS), according to the Korea National IT Industry Promotion Agency. OSS is easily accessible: through online platforms such as GitHub, developers worldwide can create, develop, manage and share code. While OSS offers numerous benefits, from cost effectiveness to customizability and flexibility, it also carries a significant risk: a security vulnerability or malicious change in a widely used component is inherited by every product that depends on it, so it can spread rapidly.

The global use of OSS has increased, not only on the web and in various applications but also in software embedded in home appliances and telecommunications equipment. As its adoption has spread, new threats to digital products and online services have emerged and multiplied. Cybersecurity incidents now occur daily, and the software supply chain is a common target. According to PwC's 2024 Global Digital Trust Insights survey, the proportion of companies that experienced a data breach costing more than USD one million rose from 27 percent to 36 percent year-over-year.

To prevent and defend against such attacks, various efforts are being made to ramp up software supply chain security, particularly in the U.S. and Europe. The U.S. government requires producers that supply software to federal agencies to submit a self-attestation form confirming that they follow secure software development practices (those of the NIST Secure Software Development Framework). Similarly, the European Union's proposed Cyber Resilience Act would require manufacturers of products with digital elements to produce a "software bill of materials" (SBOM). An SBOM is a machine-readable inventory of the components that make up a piece of software, recording each component's name, version and supplier and the dependency relationships among them, and it has emerged as an effective means of enhancing supply chain security.

The Korean government is also actively responding to the rise in advanced cyberattacks targeting software supply chains. Earlier this year, Korea’s Digital Platform Government Committee, along with the Ministry of Science and ICT and the National Intelligence Service, created the ‘Software Supply Chain Security Guidelines 1.0.’

These guidelines specify minimum SBOM requirements and criteria for inspecting software security vulnerabilities, explain how to use the government-supported test beds, and describe how to record and use software component information. They are written to be easy to follow and include cases verified in last year's government-organized demonstration project for field application.

Large companies, including LG Electronics, are addressing software security vulnerabilities with their own SBOM tools and management procedures. In today’s business environment, software development typically involves the use of OSS and a collaborative system involving multiple partner companies. To ensure the security of the entire software supply chain, it is crucial that each participant plays their role well – taking all necessary steps and using all available tools to prevent security breaches.

For this reason, LG is helping other companies manage SBOMs effectively by releasing the source code of FOSSLight, LG's in-house developed SBOM tool. FOSSLight identifies the specific open-source components in a codebase, monitors them for known security vulnerabilities and identifies the licenses that apply to them. As a project for open source governance, FOSSLight consists of FOSSLight Hub, an integrated system for managing open source, and FOSSLight Scanner, which analyzes a codebase to identify the open source it contains.

LG’s commitment to ensuring security isn’t anything new. At CES 2024, LG CEO William Cho redefined AI as ‘Affectionate Intelligence’ and shared the company’s aspiration to pursue Responsible Intelligence. LG Shield, the company’s AI-based security system, will be applied to every aspect of customer-data collection, storage and usage, and will also be used to protect the software supply chain.

Ultimately, SBOM enhances an organization’s ability to identify and respond to software security vulnerabilities in advance. In addition to preventing organizational information, digital infrastructure, and customer data from being compromised, SBOM can also improve the overall quality of the software used by companies. Furthermore, because it promotes greater transparency in the software supply chain, SBOM is expected to play an important role in strengthening reliability in overseas markets.
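To make concrete what the component inventory described above enables (the detection, vulnerability-monitoring and license checks an SBOM tool performs), here is an added example that is not code from the article, from FOSSLight or from LG. It consumes a small SBOM in CycloneDX JSON form and runs the two checks over it: matching each component, by package URL (purl) and version, against a vulnerability feed, and flagging licenses that a hypothetical policy does not allow. The SBOM document, the vulnerability feed (including its placeholder vulnerability identifiers), the package names and the license deny list are all constructed for the example; the version-range semantics (affected from an "introduced" version up to, but not including, a "fixed" version) are an assumption of the example, not a FOSSLight convention.

```python
"""Consume a CycloneDX-style SBOM and run two checks over its components:
(1) vulnerability matching by package URL (purl) and version range,
(2) license policy checks against a deny list.

Everything below (the SBOM, the vulnerability feed, the package names and
the license policy) is constructed for this example. The vulnerability IDs
are placeholders, not real advisories.
"""
import json
from dataclasses import dataclass

# Constructed SBOM using the CycloneDX JSON shape (a subset of the schema).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http", "version": "2.4.1",
     "purl": "pkg:pypi/example-http@2.4.1",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "example-xml", "version": "1.0.9",
     "purl": "pkg:pypi/example-xml@1.0.9",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "example-crypto", "version": "3.2.0",
     "purl": "pkg:pypi/example-crypto@3.2.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]}
  ]
}
"""

# Constructed vulnerability feed with placeholder IDs. A package is affected
# from "introduced" (inclusive) up to "fixed" (exclusive); that range
# convention is an assumption of this example.
VULN_FEED = [
    {"id": "EXAMPLE-VULN-0001", "purl": "pkg:pypi/example-xml",
     "introduced": "1.0.0", "fixed": "1.1.0", "severity": "high"},
    {"id": "EXAMPLE-VULN-0002", "purl": "pkg:pypi/example-http",
     "introduced": "2.0.0", "fixed": "2.4.0", "severity": "medium"},
]

# Hypothetical policy: licenses not allowed in the product being built.
DENIED_LICENSES = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    purl: str            # full purl, version included
    licenses: tuple      # SPDX identifiers recorded in the SBOM


def parse_version(text):
    """Dotted numeric versions only ("1.2.3"); other schemes raise ValueError."""
    return tuple(int(part) for part in text.split("."))


def purl_without_version(purl):
    """'pkg:pypi/example-xml@1.0.9' -> 'pkg:pypi/example-xml'."""
    return purl.split("@", 1)[0]


def load_components(sbom_text):
    """Parse the SBOM and return its components; reject non-CycloneDX input."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    components = []
    for entry in doc.get("components", []):
        ids = tuple(
            item["license"]["id"]
            for item in entry.get("licenses", [])
            if "id" in item.get("license", {})
        )
        components.append(Component(entry["name"], entry["version"], entry["purl"], ids))
    return components


def is_affected(component, vuln):
    """True when the package matches and the version lies in the affected range."""
    if purl_without_version(component.purl) != vuln["purl"]:
        return False
    version = parse_version(component.version)
    return parse_version(vuln["introduced"]) <= version < parse_version(vuln["fixed"])


def find_vulnerabilities(components, feed):
    """Map each affected component's purl to the IDs of the matching feed entries."""
    hits = {}
    for component in components:
        ids = [v["id"] for v in feed if is_affected(component, v)]
        if ids:
            hits[component.purl] = ids
    return hits


def license_violations(components, denied):
    """Map each component's purl to the denied licenses it carries."""
    violations = {}
    for component in components:
        bad = [lic for lic in component.licenses if lic in denied]
        if bad:
            violations[component.purl] = bad
    return violations


if __name__ == "__main__":
    comps = load_components(SBOM_JSON)
    print("vulnerable:", find_vulnerabilities(comps, VULN_FEED))
    print("license violations:", license_violations(comps, DENIED_LICENSES))
```

On the constructed input, example-xml 1.0.9 falls inside the affected range and is reported, while example-http 2.4.1 is past its fixed version and is not; the same component is also flagged for its GPL-3.0-only license. In production the version comparison has to follow the ecosystem's own scheme (PEP 440 for PyPI, semver with pre-release tags for npm), purl matching has to take namespaces and qualifiers into account, and the affected ranges come from the advisory source rather than being hand-written as here.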

Open-source supply chain security was also prominently featured in a panel discussion at the OECD Global Forum on Digital Security for Prosperity in July. The panel, titled "Open-source software and vulnerability treatment," delved into the specific challenges and solutions related to open-source software vulnerabilities. The discussion highlighted that proprietary and open-source software are subject to the same reality: as code becomes more complex, it tends to contain more vulnerabilities. The session provided an in-depth exploration of how the distinctive features of open-source software and its ecosystem bear on addressing these issues.

In the future, we hope that the adoption of SBOM will increase throughout the ICT industry, bringing about a safer and more transparent OSS ecosystem that benefits all companies.

By Kim Kyoung-ae, Open Source Task Leader of Software Engineering R&D Lab. at LG Electronics



News tips: email news@newsji.com, phone 050 2222 0002, fax 050 2222 0111; address: 60 Gamasan-ro 27-gil, Guro-gu, Seoul, Unit 1-37

Internet news service business registration: Seoul Ja-00447, registered 2013.12.23; responsibility for news arrangement and youth protection: the CEO

Copyright ⓒ All rights reserved.