LG Recognized as Industry’s First for Compliance With Open Source Software Security Management
Receiving Certification for ISO/IEC DIS 18974 Compliance, Company Aims to Strengthen Competitiveness of Its Software-Based Businesses
SEOUL, April 28, 2023 — LG Electronics (LG) recently earned industry-first recognition for its software supply chain security management system, receiving ISO/IEC DIS 18974 certification – the international standard for open source software (OSS) security management systems established by the Linux Foundation’s OpenChain Project. Comprised of a global network of companies, the OpenChain Project is a voluntary consultative body focused on building trust in the OSS supply chain.
LG’s software supply chain security management system meets over thirty of the requirements stipulated by the OpenChain Project, including the establishment of internal policies related to OSS security, the periodic updating of security policies and the use of various tools for software security testing.
The first global manufacturer to obtain the ISO/IEC DIS 18974 certification, LG continues to demonstrate its advanced capabilities and a strong commitment to responding to security vulnerabilities in the software supply chain.
As part of the company’s strategy to upgrade its business portfolio, the company is accelerating its advancement into non-hardware business areas, such as platforms, solutions as well as content and services, by leveraging its accumulated software capabilities and expertise in diverse segments including home appliances, TVs, electric vehicle components and B2B solutions. Additionally, by securing global competitiveness in terms of OSS supply chain security and stability, LG expects to further strengthen overall business competitiveness.
With the heavy reliance on software systems in today’s business environment, the importance of OSS security cannot be overstated. According to the 2022 Open Source Security and Risk Analysis Report released by global security company Synopsys, about 81 percent of OSS used in software development has security vulnerabilities.
OSS is distributed with its source code, making it publicly available for use, modification and distribution by anyone at any time. It can reduce the time and cost of software development and is advantageous in terms of ecosystem expansion, leading to its wide use across service and platform development.
In 2019, LG became the first Korean company to conform to ISO/IEC 5230, the International Standard for open source license compliance. In 2014, the company developed the OSS management tool ‘FOSSLight’ (Free and Open Source Software Light), which has been available to external developers, contributing to the revitalization of the global OSS ecosystem since 2021.
“LG will further enhance its capabilities for security for products and services by continuously upgrading its open source software security management system,” said Park In-sung, head of the Software Center at LG Electronics.
For those interested in learning more about the OpenChain Project, please visit the OpenChain website.