Discussion on SW Supply Chain Security Guideline 1.0
The Ministry of Science and ICT announced on the 29th that it held the '2024 1st Software (SW) Supply Chain Security Forum (hereinafter referred to as the Forum)' at the Korea Internet & Security Agency (KISA) Seoul office. The forum was attended by KISA and the National IT Industry Promotion Agency (NIPA), among others.
The Ministry of Science and ICT and KISA launched the forum in October 2022 to systematically respond to cyber threats targeting the supply chain, including SW development, distribution, and operation. At the forum, trends in institutionalization for the adoption of Software Bill of Materials (SBOM) in major countries such as the United States and Europe were shared, and ways to apply these to domestic government, public institutions, and companies were explored. The SBOM contains a list of software components, which serves as a basis for identifying vulnerabilities in software and managing it.
At the forum, measures to disseminate the 'SW Supply Chain Security Guideline 1.0 (hereinafter referred to as the Guideline),' released on the 13th, were discussed. Professors Yoonseong Choi of Korea University, Manhee Lee of Hannam University, and Byunghoon Kang of KAIST, who authored the guideline, introduced the main contents and shared the SBOM-based SW supply chain security management system, domestic SBOM demonstration results, and safe utilization methods of SBOM.
Forum participants shared support measures for security professionals and small and medium-sized enterprises, as well as ways to utilize SBOM and security inspection checklists for SW development environments.
Jangrim Jeong, Director of Information Security Network Policy at the Ministry of Science and ICT, stated, "Through SBOM-based SW supply chain security, we can improve the quality of domestic software and increase transparency across the entire supply chain, thereby securing the competitiveness of domestic companies." He added, "We will do our best to provide field demand-tailored support so that companies can apply SW supply chain security without significant burden."
Meanwhile, the guideline is being distributed in print by government agencies such as the Ministry of Science and ICT, the National Intelligence Service, and the Digital Platform Government Committee, and the file can be downloaded from the websites of public institutions such as KISA and NIPA, as well as association sites including the Korea Information Security Industry Association (KISIA) and the Korea Software Industry Association (KOSA).
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![$29 Monthly Subscription AI Plant Appliance... US Startup Challenges LG [CES 2026]](https://cwcontent.asiae.co.kr/asiaresize/319/2026010819285284553_1767868133.png)
