Software Supply Chain Attacks and the Need for Security on SK telecom Open Sourcehttps://sktelecom.github.io/en/guide/supply-chain/overview/Recent content in Software Supply Chain Attacks and the Need for Security on SK telecom Open SourceHugoenRegulatory Trendshttps://sktelecom.github.io/en/guide/supply-chain/overview/regulations/Mon, 01 Jan 0001 00:00:00 +0000https://sktelecom.github.io/en/guide/supply-chain/overview/regulations/<h2 id="1-united-states-executive-order-14028-eo-14028">1. United States: Executive Order 14028 (EO 14028)<a class="td-heading-self-link" href="#1-united-states-executive-order-14028-eo-14028" aria-label="Heading self-link"></a></h2> <p>In May 2021, the Biden administration issued the &ldquo;Executive Order on Improving the Nation&rsquo;s Cybersecurity (Executive Order 14028).&rdquo; This was a decisive turning point at which supply chain security began to be addressed at the level of national security in the aftermath of the SolarWinds incident.</p> <h3 id="key-provisions">Key Provisions<a class="td-heading-self-link" href="#key-provisions" aria-label="Heading self-link"></a></h3> <ul> <li>Mandatory SBOM submission: Companies that supply software to the federal government must submit an SBOM.</li> <li>NIST guideline compliance: Companies must comply with the Secure Software Development Framework (SSDF) defined by NIST (the U.S. National Institute of Standards and Technology).</li> <li>Minimum standards: The U.S. administration led standardization by defining the minimum elements of an SBOM (data fields, automation support, etc.).</li> </ul> <h2 id="2-european-union-eu-cyber-resilience-act-cra">2. European Union (EU): Cyber Resilience Act (CRA)<a class="td-heading-self-link" href="#2-european-union-eu-cyber-resilience-act-cra" aria-label="Heading self-link"></a></h2> <p>Through the Cyber Resilience Act (CRA), the EU has enacted into law security requirements spanning the entire lifecycle of digital products.</p>SK Telecom Supply Chain Security Policyhttps://sktelecom.github.io/en/guide/supply-chain/overview/policy/Mon, 01 Jan 0001 00:00:00 +0000https://sktelecom.github.io/en/guide/supply-chain/overview/policy/<blockquote> <hr> <p>NOTICE.</p> <p>In accordance with internal security and document management policies, this document is a summary that excludes confidential content. Please note that it is written around high-level key points rather than the full content.</p> <hr> </blockquote> <h2 id="1-purpose-of-the-policy">1. Purpose of the Policy<a class="td-heading-self-link" href="#1-purpose-of-the-policy" aria-label="Heading self-link"></a></h2> <p>The purpose of this policy is to ensure the transparency of all software that SK Telecom adopts, and to identify and eliminate, in advance, the risks of known vulnerabilities and license violations.</p>