
AI-based cybersecurity company AI SPERA announced on the 12th that it has completed a government-led Software Bill of Materials (SBOM) demonstration project. This demonstration provided a practical example of applying SBOM to a real-world service environment within the domestic software supply chain security system.
An SBOM is a structured inventory of the open source and third-party components that make up a piece of software, recording each component's origin, version, and license, and it is increasingly treated as a global supply chain security standard. In the US and Europe, SBOMs are required chiefly for government procurement and in major regulated industries; in Korea, by contrast, both the policy framework and the tooling are still in their infancy, and real-world deployments are few.
In the demonstration project, AI Spera integrated its SBOM system with Criminal IP, its Attack Surface Management (ASM) and threat intelligence platform, to build an automated operating model for supply chain security. Criminal IP enumerates every software component within a service and tracks each component's version, origin, and license.
As a result, when a new vulnerability is disclosed, the team can quickly determine whether the affected component is present, which services it reaches, and in what order to respond. The SBOM-based automation also folds software asset management, change-history tracking, and vulnerability response into a single workflow.
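The matching step described above, written out as an added example (this is not AI Spera's or Criminal IP's code). It assumes one CycloneDX 1.x JSON SBOM per service, an advisory that names the affected package by Package URL (purl) with an OSV-style introduced/fixed version range, and exposure facts (internet-facing or not) of the kind an ASM would supply; all package names, versions, services and the advisory identifier are constructed for the example. It goes slightly beyond the article by distinguishing direct from transitive dependencies via the SBOM's dependency graph, and by refusing to match similarly named packages:

```python
"""Match a newly disclosed vulnerability against per-service CycloneDX SBOMs.

Added example, not AI Spera's or Criminal IP's code. Assumes CycloneDX 1.x
JSON SBOMs (one per service), exposure facts of the kind an ASM supplies, and
an advisory naming the affected package by Package URL (purl) with an
OSV-style introduced/fixed version range. All data below is constructed.
"""
import json

def lib(ref, name, version, eco="npm"):
    """Build a minimal CycloneDX library component (helper for the sample data)."""
    return {"bom-ref": ref, "type": "library", "name": name, "version": version,
            "purl": f"pkg:{eco}/{name}@{version}"}

# Constructed SBOMs; package names and versions are made up for the example.
SBOMS = {
    "web-frontend": {
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "metadata": {"component": {"bom-ref": "app", "name": "web-frontend"}},
        "components": [lib("c1", "acme-utils", "2.3.1"), lib("c2", "acme-router", "5.0.0")],
        # acme-utils is reachable only through acme-router: a transitive dependency
        "dependencies": [{"ref": "app", "dependsOn": ["c2"]}, {"ref": "c2", "dependsOn": ["c1"]}],
    },
    "billing-api": {
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "metadata": {"component": {"bom-ref": "app", "name": "billing-api"}},
        "components": [lib("c1", "acme-utils", "2.4.0"),          # already on the fixed version
                       lib("c2", "acme-utils-legacy", "1.9.7")],  # different package, similar name
        "dependencies": [{"ref": "app", "dependsOn": ["c1", "c2"]}],
    },
    "internal-batch": {
        "bomFormat": "CycloneDX", "specVersion": "1.5",
        "metadata": {"component": {"bom-ref": "app", "name": "internal-batch"}},
        "components": [lib("c1", "acme-utils", "2.2.0")],
        "dependencies": [{"ref": "app", "dependsOn": ["c1"]}],
    },
}

# Assumed exposure facts (internet-facing or not); this is the context an ASM
# such as Criminal IP would contribute, hard-coded here for the example.
EXPOSURE = {"web-frontend": True, "billing-api": True, "internal-batch": False}

# Constructed advisory with a placeholder identifier.
ADVISORY = {"id": "EXAMPLE-ADV-0001", "purl": "pkg:npm/acme-utils",
            "introduced": "2.0.0", "fixed": "2.4.0", "severity": "HIGH"}

def purl_base(purl, version):
    """Strip the '@version' suffix so purls compare on package identity only."""
    suffix = "@" + version
    return purl[:-len(suffix)] if purl.endswith(suffix) else purl

def version_key(v):
    """Compare dotted numeric versions (2.3.1 < 2.10.0). Real deployments need
    ecosystem rules (semver pre-release tags, PEP 440, Maven) instead."""
    return tuple(int(p) for p in v.split("."))

def affected_by(version, introduced, fixed):
    """OSV-style range: introduced <= version < fixed; fixed=None means unfixed."""
    v = version_key(version)
    if v < version_key(introduced):
        return False
    return fixed is None or v < version_key(fixed)

def is_direct(sbom, ref):
    """True if the root component depends on `ref` directly (not via another library)."""
    root = sbom["metadata"]["component"]["bom-ref"]
    return any(ref in d.get("dependsOn", []) for d in sbom.get("dependencies", [])
               if d["ref"] == root)

def find_affected(sboms, advisory):
    """Return every (service, component) whose purl matches the advisory exactly
    and whose version falls in the affected range."""
    findings = []
    for service, sbom in sboms.items():
        for c in sbom.get("components", []):
            # exact identity match: 'acme-utils-legacy' must not match 'acme-utils'
            if purl_base(c.get("purl", ""), c["version"]) != advisory["purl"]:
                continue
            if affected_by(c["version"], advisory["introduced"], advisory.get("fixed")):
                findings.append({"service": service, "component": c["name"],
                                 "version": c["version"], "direct": is_direct(sbom, c["bom-ref"])})
    return findings

def prioritize(findings, exposure):
    """Order findings: internet-facing first, then direct before transitive.
    A service with unknown exposure is treated as exposed (worst case)."""
    for f in findings:
        f["exposed"] = exposure.get(f["service"], True)
        f["priority"] = "P1" if f["exposed"] else "P2"
    return sorted(findings, key=lambda f: (not f["exposed"], not f["direct"], f["service"]))

if __name__ == "__main__":
    report = prioritize(find_affected(SBOMS, ADVISORY), EXPOSURE)
    print(json.dumps({"advisory": ADVISORY["id"], "findings": report}, indent=2))
```

Two details matter in practice. Matching must be on exact package identity, not a name prefix or a substring, otherwise `acme-utils-legacy` would be reported as `acme-utils`. And the version comparison here is deliberately simple; production tooling has to apply the affected ecosystem's own ordering rules, since a naive dotted-number compare misorders pre-release tags and non-numeric segments.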
The system is designed to address key security and compliance requirements, including ISO/IEC 27001, SOC 2, PCI DSS, and ISMS, as well as NIST-based security frameworks, FedRAMP, and EU supply chain transparency regulations. Because every software change is recorded against the SBOM, the change history is available as reproducible evidence.
AI Spera said the demonstration shortened the time needed to assess and remediate vulnerabilities and produced a body of supporting evidence for audits and regulatory compliance. It regards the operating model combining SBOM and Criminal IP as improving both the consistency of supply chain security response and operational stability.
Kang Byeong-tak, CEO of AI Spera, said, “We have verified the applicability of SBOM through demonstration in the domestic environment where its introduction is in its early stages,” and added, “We plan to continuously advance the supply chain security model that combines technology and operations.”