RedPenSoft announced on the 11th that it will supply Hanwha Life with its cloud-based software (SW) supply chain security solution, 'XSCAN.'
As attacks using software supply chains continue to occur in the financial sector, proactive measures are necessary to prevent user damage. The existing vulnerability inspection methods can only manage vulnerabilities that are provided as open source or publicly disclosed, making it difficult to inspect already developed commercial software. Therefore, supplementing this while meeting the guidelines of Article 29 (Program Control) of the Electronic Financial Supervisory Regulations is the decisive background for adopting XSCAN.
XSCAN provides a service that compares update and patch files received from outsourced developers or software vendors with previous versions, requiring explanations when there is code that may exhibit abnormal behavior or an unusually large number of changes. If necessary, white-hat hackers provide detailed analysis reports. Additionally, by applying ChatGPT, it becomes easier to identify abnormal signs and how to respond to them.
Jang Sang-hyun, CISO of Hanwha Life, said, “Through software supply chain security, zero-day vulnerabilities such as log4j used in supplier software can be identified in advance via SBOM (Software Bill of Materials), completely eliminating vulnerabilities before the software is used by Hanwha Life, thereby enhancing the information security trustworthiness of Hanwha Life’s customer services.”
Jeon Ik-chan, Vice President of RedPenSoft, stated, “Through the XSCAN service, we can preemptively block serious damages that may occur from supply chain attacks such as internal endpoint takeovers or chain infections of customer service users. By improving processes and implementing workflows from a cybersecurity perspective regarding software patch import and verification, it is possible to establish an active and proactive cyber response system.”
Software supply chain security gained importance when the Biden administration in the United States announced the “Executive Order on Improving the Nation’s Cybersecurity (EO-14028)” in May 2021. In 2023, the Ministry of Science and ICT led a demonstration project to establish a software supply chain security system in collaboration with the Korea Internet & Security Agency (KISA).
RedPenSoft, a joint venture between Softcamp and Enki, participated last year as a leading company that has honed its technological capabilities through the SW supply chain security demonstration project.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
