
Sparrow "Helps Domestic SW Developers Strengthen Supply Chain Security"


Major domestic software (SW) developers are actively addressing security vulnerabilities and open source management to prepare for the growing number of SW supply chain attacks. Sparrow is leading the establishment of secure development environments by supplying products that enhance SW supply chain security to domestic SW developers such as Net&, RaonSecure, Somansa, and Suprema.


SW supply chain attacks can insert malware or exploit security vulnerabilities as early as the development stage, causing damage to end users. These attacks are becoming increasingly sophisticated, and a single attack can trigger a chain of damage. The SolarWinds incident and the Log4j vulnerability case are representative examples of SW supply chain attacks.


The U.S. cybersecurity agency CISA has mandated that SW developers implement ‘Security by Design’ by addressing vulnerabilities before the product is completed.


Domestically, the government also published the ‘Software Supply Chain Security Guideline v1.0,’ recommending supply chain security activities for developers. The guideline advises minimizing security vulnerabilities from the development stage and ensuring the security of libraries included in the SW as well as the build and deployment systems.


Specifically, it requires establishing a secure code development environment, setting open SW management practices, and verifying SW components using a Software Bill of Materials (SBOM). SW developers such as Net&, RaonSecure, Somansa, and Suprema have adopted Sparrow’s solutions, which can check SW security vulnerabilities and manage open source. They are securing the safety of their self-developed software and proactively preventing supply chain attacks. Sparrow SAST, Sparrow DAST, and Sparrow SCA are representative solutions introduced to strengthen supply chain security.


Sparrow SAST analyzes source code vulnerabilities based on key inspection criteria such as the SW security weakness diagnosis guide and suggests solutions. SW developers run frequent analyses so that their engineers write secure source code, and before the final release, they perform a full analysis to re-verify the entire code and ensure SW security.


Sparrow DAST detects web vulnerabilities occurring in the operating environment based on inspection criteria such as the detailed guide for technical vulnerability analysis of critical information and communication infrastructure. In practice, SW developers apply secure coding with Sparrow SAST and then check and address vulnerabilities during input/output processes with Sparrow DAST, further enhancing security.


Sparrow SCA identifies the open source in use and provides vulnerability and license information, allowing confirmation and updates of safe open source versions. It also enables automatic generation of the Software Bill of Materials (SBOM), which can be conveniently provided to customers upon request, ensuring SW reliability.


Jang Ilsu, CEO of Sparrow, said, "As domestic and international supply chain security attacks intensify, SW supply chain security has become a necessity, not an option, for SW developers." He added, "Considering security from the development stage and being able to integrate and manage not only self-developed code but also various forms of open source through appropriate analysis is essential to ensure product safety."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
