
TTA Standards Catalogue


Standard number: TTAK.KO-11.0309
Previous standard number:
Date established/revised: 2022-12-07
Total pages: 21
Korean title: 공개 소프트웨어 공급망 관리를 위한 소프트웨어 목록 구성(SBOM) 속성 규격 (SBOM attribute specification for open source software supply chain management)
English title: SBOM (Software Bill of Materials) Attribute Specification for Open Source Software Supply Chain Management
Korean abstract (translated): While the development and use of open source software has recently surged across industries, software that incorporates open source software carries risks such as security vulnerabilities and license violations, because there is insufficient visibility into a clear list of its components. Formats for managing software component lists, such as SPDX, SWID and CycloneDX, already exist, but they do not present a comprehensive component list for risk prevention, and because the component list that must be managed can also vary with the requirements of the many supply chain stakeholders, software suppliers have difficulty managing an appropriate software component list. This standard presents 15 software component management attributes that are commonly required in software development and supply, so that software suppliers have a basic baseline for creating and managing software component lists even though those lists vary by software supply chain and purpose of use. Using the management attributes presented in this standard as the baseline, software suppliers can derive and manage additional attributes according to the requirements of the various stakeholders.
English abstract: While the development and use of open source software has been rapidly increasing across industries in recent years, the lack of visibility into a clear list of components for software that incorporates open source software poses risks such as security vulnerabilities and license violations. Existing formats for managing the list of software components, such as SPDX, SWID and CycloneDX, do not provide a comprehensive list of components for risk prevention, and the list of elements can also vary, making it difficult for software providers to manage an appropriate list of software components. To manage the software component list, which varies with the software supply chain and the purpose of use, this standard presents 15 types of software component management attributes that are commonly required for software development and supply, so that software providers can create and manage the list of software components against a basic baseline. Software providers can derive and manage additional attributes according to the requirements of various stakeholders, based on the management attributes presented in this standard.
International standard:
Related file: TTAK.KO-11.0309.pdf
