LG Electronics (LG) now has an OpenChain Security Assurance Specification 1.1 (ISO/IEC DIS 18974) conformant program. This standard defines the key requirements of a quality open source security assurance program, and helps to both reduce errors and increase efficiency across the global supply chain. This builds on their previous adoption of ISO/IEC 5230, the International Standard for open source license compliance.
“LG Electronics has a long history in open source and a well-known open source office,” says Shane Coughlan, OpenChain General Manager. “Their governance contributions like the FOSSLight tooling to help other companies has been an inspiration in South Korea and beyond. The conformance announcement today comes from the LG Cybersecurity Governance Team and underscores a company-wide commitment to excellence. As LG joins BlackBerry and Interneuron in driving the future of open source security assurance, we both welcome this announcement, and look forward to close collaboration in the future.”
Adoption of ISO/IEC DIS 18974 was driven by the LG Cybersecurity Governance Team. They are responsible for:
- Establishing LG’s software development process (LG-SDL: Secure Development Lifecycle) to develop secure software for all LG Electronics products
- Reflecting the latest Global Standards (ETSI, ENISA, NIST, etc.) and adapting them for the LG development ecosystem
- Operating LG VulDOC (Vulnerability Detection Of Code) DevSecOps to Identify and resolve potential security vulnerabilities through various software verification methods
- Managing the LG Product Security Response Team (PSRT) to minimize security damage to our customers through authentic communication with security registrants and external stakeholders
- Managing Third-Party developed software supply chain risk management
About LG Electronics
LG Electronics is a global innovator in technology and consumer electronics with a presence in almost every country and an international workforce of more than 74,000. LG’s four companies – Home Appliance & Air Solution, Home Entertainment, Vehicle component Solutions and Business Solutions – combined for global revenue of over KRW 80 trillion in 2022. LG is a leading manufacturer of consumer and commercial products ranging from TVs, home appliances, air solutions, monitors, service robots, automotive components and its premium LG SIGNATURE and intelligent LG ThinQ brands are familiar names world over.
About the OpenChain Project
The OpenChain Project maintains the International Standard for open source license compliance and the de-facto standard for open source security assurance. These allow companies of all sizes and in all sectors to adopt the key requirements of quality open source compliance or security assurance programs. They are open standards. All parties are welcome to engage with our community, to share their knowledge, and to contribute to the future of our standards.
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.