Red Pen Soft, a subsidiary of Softcamp, said on the 1st that it has released a new solution, XSCAN Secure Asset, which integrates and manages the entire supply chain security lifecycle from software development to operations in a single workflow.

Softcamp noted that software brought in from outside is installed in internal systems, deployed to production servers, and continuously modified in the actual runtime environment, so integrated security management across the entire process is required. Accordingly, recent interest in software supply chain security among corporations is moving beyond simple open-source vulnerability checks toward ensuring the reliability of the entire process in which software is developed, brought in from outside, and run on production servers.

Corporations must therefore determine whether the components at development time match the actual components on servers in operation, whether known vulnerabilities affect the actual runtime environment, and which server assets are exposed to risk. As a result, the importance of SBOM (software bill of materials), which identifies software components, and VEX (vulnerability exploitability exchange), which determines whether vulnerabilities have real-world impact, is growing.

Red Pen Soft diversified the configuration of the XSCAN product line in line with this trend: XSCAN Supply Chain, which verifies developed and imported software supply chains; XSCAN Server Runtime, which provides security visibility into server assets and runtime environments; and XSCAN Secure Asset, an open-source asset management platform that integrates development, import, and operations environments into a single workflow.

Bae Hwan-guk, CEO of Red Pen Soft, said, "Software supply chain security is no longer an issue confined to a particular development stage but is expanding into a core task of ensuring the reliability and operational stability of all software assets used by corporations."

※ This article has been translated by AI.