Spairrow announced on the 14th that it had held its annual customer event, ‘PUC 2024 (Power User Conference),’ at El Tower in Seocho-gu, Seoul, on the afternoon of the 13th. At the event, Spairrow shared trends in software supply chain security, one of the largest security issues both in Korea and abroad, along with practical cases of how organizations are addressing it.
Spairrow’s PUC is an annual conference at which the latest application security trends and strategies are shared with IT and security professionals from a range of industries. This year’s conference was held under the theme ‘Next Generation Application Security.’ Spairrow presented strategies for software supply chain security, outlined the role of each participant in the software supply chain, and introduced a vulnerability management platform based on new technologies.
In the keynote speech, the CEO of Spairrow stated, “Various countries are pushing to institutionalize supply chain security enhancement in response to the EU’s proposed legislation requiring the mandatory submission of a Software Bill of Materials (SBOM) and the U.S.’s demand for compliance with the Secure Software Development Framework (SSDF).” Emphasizing the importance of the SBOM as a means of establishing software trustworthiness, he stressed that supply chain participants must continuously monitor vulnerabilities not only in open source software but also in internally developed and commercial software, so as to build a supply chain management system and strengthen resilience.
The CEO also proposed ‘Spairrow Enterprise’ as a solution for automating security testing within the Software Development Life Cycle (SDLC) and consolidating vulnerability management. He explained that Spairrow Enterprise analyzes source code, open source components, and web vulnerabilities on a single platform, enables DevSecOps through integration with CI/CD and configuration management tools, and supports vulnerability assessment reports and multiple SBOM formats for software transparency.
Following the keynote, practical cases of applying software supply chain security with Spairrow products were shared. Park Il, a director at Net and, a company specializing in integrated access control and account management solutions, presented a case in which a vulnerability management process was established using secure coding analysis (SAST), open source management (SCA), and web vulnerability analysis (DAST) tools, resulting in cost savings and more efficient use of resources.
Min-ki Han, a team leader at Fincysecuity, an information security professional services company, explained how an SBOM can be used from the perspective of software operators, drawing on a software supply chain security project carried out in collaboration with Spairrow and Consortium.
Spairrow’s roadmap for keeping pace with the latest technological developments was also unveiled at the event. Senior researcher Yoon Jong-won of Spairrow said, “With new technologies such as Infrastructure as Code (IaC) and containers being applied to the application development environment, new security threats have emerged.” He added that Spairrow will continue its research into vulnerability diagnosis for IaC-based infrastructure, dynamic vulnerability diagnosis based on API specifications, and container image analysis in order to respond to and adapt to these emerging threats.