South Korea’s Ministry of Science and ICT said on April 16 it will publish a casebook of security model examples produced through a support project, run with the Korea Internet & Security Agency (KISA), to build SBOM (Software Bill of Materials)-based software supply chain security management systems.
As the use of components such as open source and external libraries increases in the software development process, software supply chains are becoming more complex, and attacks exploiting that trend are also increasing. For an effective response, the ministry and KISA last year launched the SBOM-based software supply chain security management system support project for 8 companies, the first time such a project has been run.
The ministry and participating companies identified a common supply chain security model that uses SBOM to manage external source code from initial adoption through post-deployment monitoring across industries including healthcare, transportation, security and finance.
They also identified cases of responses to SBOM regulations in the United States and the European Union, an SBOM sharing model that allows SBOMs to be shared and received securely, and cases of embedding supply chain security tailored to each company’s software.
The project also provided technical support to meet major countries’ security requirements and address security vulnerabilities. It compiled a supply chain security self-diagnosis checklist for companies seeking to respond to global regulations or build their own supply chain security systems, as well as how to structure SBOM items and use them.
The casebook will be presented on April 16 at the Information and Communications Network Information Security Conference. Details can also be found on the KISA website.
Lim Jeong-gyu (임정규), director-general for Information Security Network Policy at the ministry, said he expects it to serve as a good reference for software and security companies building supply chain security management systems. He said the government will continue to support strengthening software supply chain security, bolstering overall security to secure cyber resilience.