LG Electronics (LG) recently became the first global manufacturer to receive ISO/IEC DIS 18974 certification, a prestigious recognition for its software supply chain security management system.
This international standard for open-source software (OSS) security management systems was established by the Linux Foundation's OpenChain Project, a voluntary advisory body focused on building trust in the OSS supply chain.
LG's achievement demonstrates its advanced capabilities and commitment to addressing security vulnerabilities in the software supply chain.
The OpenChain Project, which consists of a global network of companies, establishes over thirty requirements for OSS security management systems.
LG's certified software supply chain security management system meets these requirements, including setting internal policies related to OSS security, periodically updating security policies, and using various software security testing tools.
As part of its strategy to upgrade its business portfolio, LG is accelerating its expansion into non-hardware businesses such as platforms, solutions, and content and services.
Furthermore, leveraging its accumulated software capabilities and expertise in various segments, including home appliances, TVs, electric vehicle components, and B2B solutions, LG aims to ensure global competitiveness regarding OSS supply chain security and stability, strengthening its overall business competitiveness.
The importance of OSS security has grown exponentially in today's software-dependent business environment.
The 2022 Open Source Security and Risk Analysis Report from global security firm Synopsys reveals that approximately 81% of OSS used in software development has security vulnerabilities.
In addition, because OSS is distributed with its source code and is publicly available, it benefits ecosystem expansion, which has led to its widespread use in service and platform development.
In 2019, LG became the first Korean company to comply with ISO/IEC 5230, the international open-source license compliance standard.
Furthermore, in 2014, LG developed the OSS management tool "FOSSLight" (Free and Open Source Software Light), which has been available to external developers since 2021, contributing to the revitalization of the global OSS ecosystem.