Lazarus misuses legitimate security software in a supply-chain attack in South Korea, ESET Research discovers

Global Leader in Developer Security, Snyk, Launches in South Korea

Snyk, the leader in cloud native application security with advanced security vulnerability identification technology and innovative developer-first approach, will enter the South Korean market as of this year.

OSBC, a corporation specializing in open source license and security solutions announced today that it has partnered with the leading global developer security platform Snyk and will exclusively distribute Snyk’s flagship solution in South Korea for 2022. OSBC will lead the overall domestic business including sales, marketing and technical support for Snyk’s solution.

Founded in 2015, Snyk enables 2.2 million developers to build securely, with a vision to empower every modern developer in the world to develop fast and stay secure. Snyk provides a platform to secure all of the critical components of today’s cloud native application development including the code, open source libraries, container infrastructure and infrastructure as code (“IaC”). Snyk’s security platform is powered by its industry-leading proprietary vulnerability database, maintained by the expert Snyk security research team. 

By September 2021, Snyk has raised $850 million with over 10% of these total funds directly coming from Atlassian Ventures and Salesforce Ventures, pushing the company’s valuation to $8.6 billion.

OSBC is a pioneer and leader in open source governance with 14 years of open source knowledge and expertise. In January 2020, OSBC declared its second leap forward to become an open source license security solutions and services provider as well as license compliance company and changed its name from BDSK to OSBC. Since its establishment in 2006, it has introduced the importance of open source security and compliance risk management for the first time in Korea and has provided open source management solutions and consulting services. Through various activities such as publishing an open source governance guide and holding a global open source conference annually, it has established itself as the zenith in the domestic open source industry. It has a network of leading companies in all industries including electronics, SI, telecommunications, defense, games, internet, automotive and finance. Through this alliance with Snyk, OSBC will present an efficient approach to the correct use of open source software as they continue to actively expand their customer base.

OSBC entered into this partnership which aligns with  Snyk’s long-term sustainable growth vision and product innovation. Snyk has entered into this partnership because of OSBC’s leading position in one of the most interesting and expansive markets in the world. 

Snyk offers 4 core products on top of its developer-first security platform to cover the entire SDLC and Cloud Native Application context. Namely:

  • Snyk Code – a developer-centric SAST (Static Application Security Testing) solution that is orders of magnitude faster than other solutions, enabling real-time developer workflows, and significantly fewer false positives.
  • Snyk Open Source – a developer-friendly SCA (Software Composition Analysis) solution combining native integration across the SDLC with the most timely, comprehensive, actionable and accurate vulnerability data.  Recently, Snyk Open Source has been a very popular tool for finding and fixing the recent Log4Shell vulnerabilites disclosed on the 10th and 17th Dec 2021.
  • Snyk Container – a container security solution for not only finding but also fixing vulnerabilities in containers and Kubernetes clusters both prior to and after deployment.  
  • Snyk IaC – a solution to protect against security misconfigurations in Infrastructure as Code files such as Terraform, AWS CloudFormation, Azure Resource Manager and Kubernetes configuration files. 

Taek-Wan Kim, CEO & President of OSBC commented, “Through this partnership with Snyk, OSBC can now jointly provide the world’s best solution to find and auto-fix application security issues, such as the recently publicized Log4j shell much more efficiently. We can have better customer protection from application security issues including open source security vulnerabilities.”

Lawrence Crowther, Head of Solution Engineering APJ Snyk commented, “Snyk recognizes the urgency and demand for companies across all industries trying to deal with the Log4Shell vulnerability. In response to this, it has enhanced its free offering on Snyk Open Source and doubled the number of free scans to make it more accessible to the community and developers. This is across the whole SDLC whether that be in the IDE, Git repo, CI/CD or using the Snyk CLI. Snyk is committed to helping the Java community get through this together.”  

This site uses Akismet to reduce spam. Learn how your comment data is processed.