Sparrow Hosts Annual Conference 'PUC 2024'... Reveals SW Supply Chain Security Strategies

Application security specialist Sparrow announced on the 14th that it held its annual customer invitation event, ‘PUC 2024 (Power User Conference),’ at El Tower in Yangjae, Seoul.


Sparrow’s PUC is an annual conference organized to share the latest application security status and countermeasures with IT and security personnel from various industries. At this event, Sparrow shared trends in software supply chain security, one of the biggest domestic and international security issues, along with real-world application cases for responding to them.


This year’s theme was ‘Next Generation Application Security.’ Sparrow presented software supply chain security measures and the roles of software supply chain participants, and introduced Sparrow’s strategy to provide an integrated vulnerability management platform based on new technologies.


Jang Ilsu, CEO of Sparrow, who opened the event with a keynote speech, said, “Various countries are pushing for institutionalization to strengthen supply chain security, such as the EU’s Cyber Resilience Act mandating the submission of Software Bill of Materials (SBOM) and the US’s requirement to comply with the Secure Software Development Framework (SSDF).” He added, “Supply chain participants must continuously monitor vulnerabilities not only in open source but also in proprietary and commercial software to establish a supply chain management system and enhance resilience.”


CEO Jang proposed ‘Sparrow Enterprise’ as a solution to automate security testing and integrate vulnerability management throughout the software development life cycle (SDLC).


He explained, “Sparrow Enterprise analyzes source code, open source, and web vulnerabilities on a single platform and can implement DevSecOps by integrating with CI/CD tools and configuration management tools. It supports vulnerability inspection reports and various SBOM formats, enabling software transparency.”


Following the keynote, cases applying software supply chain security using Sparrow products were shared. Park Il, Deputy General Manager of Net&, a company specializing in integrated access control and account management solutions, presented a case where they built a vulnerability management process using secure coding (SAST), open source management (SCA), and web vulnerability analysis (DAST) tools, reducing post-management costs and resources. Han Minki, Team Leader at FinSecurity, an information security professional service company, explained the SBOM utilization guide from the perspective of software operators, based on a software supply chain security demonstration project in which it participated through a consortium with Sparrow.


Sparrow’s roadmap aligned with the emergence of the latest technologies was also revealed. Senior Researcher Yoon Jongwon of Sparrow stated in his presentation, “As new technologies such as Infrastructure as Code (IaC) and containers are applied to application development environments, new security threats are also emerging.” He added, “Sparrow will continue to research and respond to IaC-based infrastructure vulnerability diagnosis, API specification-based dynamic security vulnerability diagnosis, and container image analysis.”


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
