Sparrow, a specialized application security company, successfully concluded the ‘SAS Summit 2024 (Sparrow Application Security Summit 2024)’ held on the morning of the 23rd at the InterContinental Seoul COEX in Samseong-dong, Gangnam-gu, Seoul.
The SAS Summit is Sparrow’s flagship CIO/CISO breakfast seminar, attended by about 30 C-level executives from various industries including large corporations, public institutions, and financial companies.
The event consisted of three detailed sessions, presenting application security strategies to respond to software supply chain attacks and vulnerability management measures according to changes in the development environment.
Sparrow presented the latest application security trends based on insights gained from global security conferences such as Black Hat Asia and RSA, as well as domestic policy trends related to software supply chain security. Emphasizing the roles of developers, suppliers, and operators in safe software development and operation, Sparrow highlighted the need to automate security testing and integrate vulnerability management within the software development life cycle (SDLC) to ensure software transparency and reliability.
Sparrow also presented methods for applying security technologies in response to changes in the application development environment. The company proposed responses to new security threats arising from emerging technologies such as Infrastructure as Code (IaC), container images, and APIs between microservices. It discussed the importance of gaining security visibility through overall vulnerability management, along with AI-based methods for identifying, classifying, and addressing vulnerabilities.
Based on their experience participating in the ‘Software Supply Chain Security Demonstration Project’ conducted last year by the Ministry of Science and ICT and KISA, Sparrow proposed measures to comply with the ‘Software Supply Chain Security Guideline v1.0’ announced by the government in May. To establish a secure software supply chain, they emphasized that it is important not only to utilize the Software Bill of Materials (SBOM) but also for key participants in the supply chain to jointly respond to security vulnerabilities through security testing and software acceptance testing.
Jang Ilsu, CEO of Sparrow, stated, “Software supply chain security cannot be solved by focusing on security alone.” He added, “Because it is a problem that requires joint response, we created an opportunity to communicate with C-level executives from various fields.” He continued, “Sparrow possesses essential application security testing products for each stage to establish a software supply chain security system,” and “We will continue to support companies and institutions to appropriately respond to software supply chain attacks.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

