Application security company Sparrow announced on June 18 that it successfully concluded its annual customer invitation event, 'PUC 2025,' held at El Tower in Yangjae, Seoul, on June 17.
During the event, Sparrow shared strategies for establishing software supply chain security systems, along with real-world application cases. The PUC event, held under the theme 'Software Trust and Safety in the Era of Supply Chain Security,' was attended by IT and security professionals from a wide range of industries, including finance, public sector, healthcare, and manufacturing.
Sparrow presented strategies to proactively prevent and efficiently respond to growing software supply chain threats, as well as case studies on building software supply chain security systems using Sparrow products.
In his keynote speech, Sparrow CEO Jang Ilsu stated, "Attacks involving the use of vulnerable open-source software from the early stages of development, or attackers infiltrating build or deployment systems to insert malicious code, can occur throughout the entire software development lifecycle."
He added, "It is essential to strengthen vulnerability checks at each stage to realize DevSecOps and to leverage the Software Bill of Materials (SBOM) to accelerate the response to vulnerabilities."
During the presentation session, Yoon Jongwon, Head of Sparrow Development Center, introduced methods for implementing DevSecOps and securing the reliability of the software supply chain. Yoon explained, "By establishing consistent security policies throughout the entire software development lifecycle and integrating DevOps pipelines with application security testing tools, organizations can not only realize DevSecOps but also enhance software supply chain security."
The SBOM distribution platform introduced by Yoon is a product designed to share and systematically manage SBOMs, which are essential for software supply chain security, in a safer manner. Suppliers can add digital signatures to SBOMs to prove that they were generated from trusted sources and have not been tampered with.
Ye Kuyoong, Head of Domestic Business at Sparrow, said, "Sparrow has demonstrated its technological capabilities by participating in numerous projects linked to government-led supply chain security policies," adding, "We are also expanding our references by being selected for consecutive projects with multiple financial institutions and public agencies."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
