2024-08-05

The global use of open-source software (OSS) has increased, not only on the web and in business applications but also in the software embedded in home appliances and telecommunications equipment. As adoption has spread, new threats to digital products and online services have emerged and multiplied. Cybersecurity incidents now occur daily, and the software supply chain is a common target. According to PwC’s 2024 Global Digital Trust Insights survey, the proportion of companies experiencing a data breach costing more than USD one million rose from 27 percent to 36 percent year-over-year.*

To prevent and defend against such attacks, governments are ramping up software supply chain security requirements, particularly in the U.S. and Europe. The U.S. government now requires any company supplying software to a federal agency to submit a self-attestation form confirming that the software was developed in line with secure software development practices. Similarly, the European Union has proposed legislation that would require a “software bill of materials” (SBOM) for products with digital elements. An SBOM is a machine-readable inventory of the components, libraries and dependencies that make up a piece of software, together with their versions and origins; because it lets a buyer or operator see exactly what a product contains and match those parts against known vulnerabilities, it has emerged as an effective means of enhancing supply chain security.

The Korean government is also actively responding to the rise in advanced cyberattacks targeting software supply chains. Earlier this year, Korea’s Digital Platform Government Committee, along with the Ministry of Science and ICT and the National Intelligence Service, created the ‘Software Supply Chain Security Guidelines 1.0.’

These guidelines contain detailed information on minimum SBOM requirements, criteria for inspecting software for security vulnerabilities, the use of government-supported test beds, and how to specify and make use of software component information. The guidelines are written to be easy to use and follow, and they include cases verified through last year’s government-organized demonstration project for field application.
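To make the “list of components” and “minimum SBOM requirements” mentioned above concrete, here is an added example that is not part of the article and not LG Electronics’ or the Korean government’s tooling. It reads a CycloneDX JSON SBOM and reports which of the NTIA minimum elements (supplier, component name, version, unique identifier, dependency relationship, SBOM author, timestamp) are missing; using the NTIA list as the baseline is an assumption, since the article does not reproduce the guidelines’ own minimum requirements. The SBOM, the product and the tool name in it are constructed for illustration.

```python
import json

# Constructed CycloneDX 1.5 SBOM for illustration only (not a real product's SBOM).
# 'zlib' is fully described; 'libfoo' deliberately lacks several minimum elements.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "timestamp": "2024-08-05T09:00:00Z",
        "authors": [{"name": "example-sbom-tool"}],          # hypothetical generator
        "component": {"type": "application", "bom-ref": "app",
                      "name": "appliance-firmware", "version": "2.3.1",
                      "supplier": {"name": "Example Appliance Co."}},
    },
    "components": [
        {"type": "library", "bom-ref": "zlib", "name": "zlib", "version": "1.3.1",
         "supplier": {"name": "zlib project"}, "purl": "pkg:generic/zlib@1.3.1"},
        {"type": "library", "bom-ref": "libfoo", "name": "libfoo"},
    ],
    # libfoo is not mentioned anywhere in the dependency graph
    "dependencies": [
        {"ref": "app", "dependsOn": ["zlib"]},
        {"ref": "zlib", "dependsOn": []},
    ],
})

# NTIA "Minimum Elements for an SBOM" (July 2021), used as the checklist here.
# Assumption: the Korean guidelines' minimum requirements are not reproduced in
# the article, so this baseline stands in for them.
COMPONENT_ELEMENTS = ("name", "version", "supplier", "unique_id", "dependency_relationship")


def _component_issues(comp: dict, graph_refs: set) -> list:
    """Return the minimum elements missing from one CycloneDX component."""
    issues = []
    if not comp.get("name"):
        issues.append("name")
    if not comp.get("version"):
        issues.append("version")
    if not (comp.get("supplier") or {}).get("name"):
        issues.append("supplier")
    # CycloneDX expresses 'other unique identifiers' as purl, cpe or swid.
    if not (comp.get("purl") or comp.get("cpe") or comp.get("swid")):
        issues.append("unique_id")
    # A component that appears nowhere in the dependency graph has no stated
    # relationship to the product it is supposedly part of.
    if comp.get("bom-ref") not in graph_refs:
        issues.append("dependency_relationship")
    return issues


def check_minimum_elements(sbom_json: str) -> dict:
    """Check a CycloneDX JSON document against the NTIA minimum elements.

    Returns {"document": [issues], "components": {name: [issues]}}; an empty
    list/dict means that part of the SBOM has every required element.
    """
    bom = json.loads(sbom_json)
    meta = bom.get("metadata", {})
    doc_issues = []
    if not (meta.get("authors") or meta.get("tools")):
        doc_issues.append("author")
    if not meta.get("timestamp"):
        doc_issues.append("timestamp")

    # Every bom-ref that is declared, and every ref the dependency graph mentions.
    declared = {c.get("bom-ref") for c in bom.get("components", [])}
    if meta.get("component", {}).get("bom-ref"):
        declared.add(meta["component"]["bom-ref"])
    graph_refs = set()
    for entry in bom.get("dependencies", []):
        graph_refs.add(entry.get("ref"))
        graph_refs.update(entry.get("dependsOn", []))
    # Refs in the graph that point at nothing are a sign of a hand-edited or truncated SBOM.
    for ref in sorted(r for r in graph_refs if r not in declared):
        doc_issues.append(f"dangling_ref:{ref}")

    comp_issues = {}
    for comp in bom.get("components", []):
        issues = _component_issues(comp, graph_refs)
        if issues:
            comp_issues[comp.get("name") or comp.get("bom-ref") or "<unnamed>"] = issues
    return {"document": doc_issues, "components": comp_issues}


if __name__ == "__main__":
    print(json.dumps(check_minimum_elements(SAMPLE_SBOM), indent=2))
```

Run against the constructed SBOM, the document-level checks pass and `zlib` is clean, while `libfoo` is reported as missing its version, supplier, unique identifier and dependency relationship, which is exactly the kind of gap that prevents a downstream operator from matching the component against vulnerability advisories.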

Large companies, including LG Electronics, are addressing software security vulnerabilities with their own SBOM tools and management procedures. In today’s business environment, software development typically relies on OSS and on collaboration among multiple partner companies. To secure the entire software supply chain, each participant must play its part: taking all necessary steps and using all available tools to prevent security breaches.