LG Recognized as Industry’s First for Compliance With Open Source Software Security Management
SEOUL, April 28, 2023 — LG Electronics (LG) recently earned industry-first recognition for its software supply chain security management system, receiving ISO/IEC DIS 18974 certification – the international standard for open source software (OSS) security management systems established by the Linux Foundation’s OpenChain Project. Composed of a global network of companies, the OpenChain Project is a voluntary consultative body focused on building trust in the OSS supply chain.
LG’s software supply chain security management system meets over thirty of the requirements stipulated by the OpenChain Project, including the establishment of internal policies related to OSS security, the periodic updating of security policies and the use of various tools for software security testing.
The first global manufacturer to obtain the ISO/IEC DIS 18974 certification, LG continues to demonstrate its advanced capabilities and a strong commitment to responding to security vulnerabilities in the software supply chain.
As part of its strategy to upgrade its business portfolio, the company is accelerating its advancement into non-hardware business areas, such as platforms and solutions as well as content and services, by leveraging its accumulated software capabilities and expertise in diverse segments including home appliances, TVs, electric vehicle components and B2B solutions. Additionally, by securing global competitiveness in terms of OSS supply chain security and stability, LG expects to further strengthen overall business competitiveness.
With the heavy reliance on software systems in today’s business environment, the importance of OSS security cannot be overstated. According to the 2022 Open Source Security and Risk Analysis Report released by global security company Synopsys, about 81 percent of OSS used in software development has security vulnerabilities.
OSS is distributed with its source code, making it publicly available for use, modification and distribution by anyone at any time. It can reduce the time and cost of software development and is advantageous in terms of ecosystem expansion, leading to its wide use across service and platform development.
In 2019, LG became the first Korean company to conform to ISO/IEC 5230, the International Standard for open source license compliance. In 2014, the company developed the OSS management tool ‘FOSSLight’ (Free and Open Source Software Light), which has been available to external developers, contributing to the revitalization of the global OSS ecosystem since 2021.
“LG will further enhance its capabilities for security for products and services by continuously upgrading its open source software security management system,” said Park In-sung, head of the Software Center at LG Electronics.
For those interested in learning more about the OpenChain Project, please visit the OpenChain website.