With the Ministry of the Interior and Safety determining that the "Everyone's Startup" platform is a public information system, the appropriateness of the developer selection process is expected to reemerge as a key issue. That is because the project moved forward without going through the procedures and standards required for public information systems.

Particularly, as it has been confirmed that a person from a virtual asset exchange that suffered a large-scale hacking incident in the past is employed at the platform developer, whether the advance vetting was appropriate is also drawing attention.

A roundtable for the Everyone's Startup Project takes place at Gyeongsang National University in Jinju, South Gyeongsang Province./Courtesy of Ministry of SMEs and Startups

According to a Ministry of the Interior and Safety authoritative interpretation obtained by ChosunBiz from People Power Party lawmaker Kang Seung-gyu's office on the 9th, the MOIS concluded in response to a Ministry of SMEs and Startups inquiry that "the Everyone's Startup platform falls under an information system as defined by the Guidelines on the Establishment and Operation of Information Systems of Administrative and Public Institutions." It viewed the platform not as something created by the private sector but as an e-government service that implements government policy and a public information system operated by an administrative agency.

Under the MOIS determination, the Everyone's Startup platform is subject to the guidelines on establishing and operating public information systems. Before placing the order, the project must undergo prior consultation on the informatization project, and if it is subject to audit, the information system grade must be assessed and an information system audit conducted.

If an administrative agency subsequently places the order, it must follow the procedures set out in the guidelines, such as preparing a request for proposals, selecting a contractor, and executing a contract. Depending on the contracting method, procedures may vary between competitive bidding and private contracts, but the selection process includes evaluating technical capabilities and reviewing information security requirements.

However, TripleOS, the developer of the Everyone's Startup platform, was selected as the company to build the platform without a separate service contract with the Ministry of SMEs and Startups (MSS) or going through public bidding procedures.

Because the project proceeded in a "contributed acceptance" format in which Shinhan Bank built the platform and provided it free of charge to the Korea Institute of Startup and Entrepreneurship Development (KISED), Shinhan Bank handled the selection of the builder.

After the project moved forward, an incident occurred in which successful applicants' personal information was leaked from the platform, and the MOIS determined it to be a public information system.

The launch ceremony for the first cohort of Everyone's Startup is underway at Startup·Venture Campus Seoul in Mapo-gu, Seoul, on Jun. 16./Courtesy of Hong In-seok

The Ministry of Science and ICT also judged the Everyone's Startup platform construction project to be a software project under the Software Promotion Act. Accordingly, it is a point to examine whether it was subject to related systems such as review by the Software Task Review Committee and project impact assessment, and whether those procedures were actually carried out.

Whether the contractor's security capabilities and development personnel were sufficiently vetted during the developer selection process is also emerging as a point of contention. TripleOS employs development personnel formerly with Peertech, operator of the virtual asset exchange GDAC, which suffered hacking damage totaling 20 billion won in the past.

Founded in late 2017, Peertech operated the virtual asset exchange GDAC and expanded its presence in the exchange market centered on corporate members, but amid a decline in trading volume and a large-scale hacking incident in 2023, it ultimately went bankrupt.

It has not been confirmed whether key TripleOS personnel were related to the GDAC hacking incident while at Peertech. The MSS's position is that "because the Everyone's Startup platform was built through private-sector cooperation, we do not hold contract-related materials." It did not respond to the MOIS authoritative interpretation and other matters.

Lawmaker Kang Seung-gyu said, "Had even the minimum vetting procedures required by law been followed, there would not have been the heartbreaking leak of valuable personal information and business ideas," adding, "An immediate audit is needed of the entire process of building and operating the Everyone's Startup platform, which is cloaked in private-sector cooperation but marred by poor execution."

※ This article has been translated by AI. Share your feedback here.