Regulatory Trends
Examines the state of software supply chain security regulations that are being strengthened worldwide, such as U.S. EO 14028 and the EU CRA.
This page is learning material that explains the background of supply chain security. If you are looking for how to generate and submit an SBOM, go straight to the Supplier Guide.
A software supply chain attack is a cyberattack technique in which an attacker infiltrates the systems of a software developer or supplier, or the development process itself, to plant malicious code or exploit vulnerabilities.
Whereas traditional attacks directly target end users, supply chain attacks contaminate trusted software updates or development tools, thereby simultaneously infecting the many downstream companies and users that rely on them.
graph LR
A[Attacker] -->|Infiltrate| B[Supplier Build Server]
B -->|Inject Malware| C[Compromised Software Update]
C -->|Distribute| D[Customer A]
C -->|Distribute| E[Customer B]
C -->|Distribute| F[Customer C]
classDef danger fill:#FDE1E7,stroke:#EA002C,color:#8A0019,stroke-width:1.5px
classDef victim fill:#ffffff,stroke:#c8c8c8,color:#171717,stroke-width:1px
class A,B,C danger
class D,E,F victim70-90% of modern application code consists of open source components. When a single common component is compromised the damage spreads worldwide, and code compromised at the build stage is hard to catch with traditional security checks such as firewalls and antivirus. To manage this risk, SK Telecom has adopted SBOMs and enforces a supply chain security policy.
Examines the state of software supply chain security regulations that are being strengthened worldwide, such as U.S. EO 14028 and the EU CRA.
Describes the supply chain security policy and principles that partners supplying software to SK Telecom must comply with.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.