The South Korean government is taking steps to enhance the security of software supply chains by integrating security measures from the development stage and establishing an AI-based threat detection and response system.
On June 24, the Ministry of Science and ICT and the National Intelligence Service announced the "Software Supply Chain Security Roadmap for the Era of AI."
As digital transformation accelerates, software has become a key element in industries such as manufacturing, transportation, and healthcare, and the software supply chain is expanding accordingly. However, the rise of high-performance AI-based attacks has exposed the limitations of existing supply chain security systems. According to the Ministry of Science and ICT, the number of reported security incidents rose to 2,383 last year, a 26.3% increase from the previous year. In the first half of 2024, incidents increased by approximately 15%, from 899 to 1,034, and in the second half of 2024, incidents rose by about 36.5%, from 988 to 1,349 in 2025.
In response, the government has established a roadmap to strengthen supply chain security for businesses and institutions. Key components include: integrating security into the development and supply stages, building an AI-based threat detection and response system, and refining security regulations and governance for software supply chains.
The roadmap emphasizes embedding security from the development and supply stages onward to improve software transparency and mitigate threats proactively. It includes establishing security standards and guidelines, supporting businesses in assessing their own security levels, and transitioning development environments. The government also aims to promote SBOM-based (Software Bill of Materials) management models and to develop AI-driven security automation technologies.
Considering the nature of supply chain attacks, which can spread from one incident to multiple businesses and institutions, the government plans to strengthen threat detection and response capabilities. It will expand vulnerability discovery channels through bug bounty programs, vulnerability reporting rewards, and the Vulnerability Disclosure Policy (VDP). Additionally, a system will be established to verify the security risks of public information and communication products, while enhancing risk management systems in both the private and public sectors to minimize the spread of damage.
The government will also refine the policy framework to manage the entire software supply chain. A cross-government software supply chain security council will be formed, and a supply chain security forum will be operated to support voluntary security activities in the private sector. Furthermore, the government plans to incorporate relevant elements into private and public security regulations and expand the scope of products and requirements subject to security compliance. It will strengthen cooperation with leading cybersecurity nations and broaden mutual recognition of domestic certification systems to support companies' international expansion.
Lim Jeong-kyu, Director of the Information Protection and Network Policy Bureau at the Ministry of Science and ICT, stated, "As rapid and extensive cyberattacks utilizing AI are becoming a reality, we will continue to strengthen supply chain security through this announcement."
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.