Global Site
-
Industries
-
Solutions & Services
-
Products
Global Site
Industries
Solutions & Services
Products
In a working group of the Security Transparency Consortium※1, chaired by Atsuhiro Goto, President and Professor, Graduate School of Information Security, Institute of Information Security, aiming at reducing supply chain security risks, 14 companies※2 consisting of diverse businesses, including NTT Corporation (NTT) and NEC Corporation (NEC) as the chief and vice chief have been working to solve problems and issues faced by users utilizing Visualization Data※3 such as SBOM※4 under the activity vision "Improving and Utilizing Security Transparency"※5 announced in February 2024.
As an example of the using Visualization Data for vulnerability management, the consortium co-creates knowledge to deal with the problems and issues faced by users utilizing Visualization Data, such as identifying and prioritizing vulnerabilities. The result of the Consortium's activities is the release of the "Visualization Data Utilization to Ensure Security Transparency - Vulnerability Management Edition-". This is the first released case study of vulnerability management utilization of Visualization Data in Japan and was co-created by diverse businesses including both the users (e.g., integrators, service providers) and creators (e.g., vendors, integrators) of Visualization Data. It is expected to be useful for businesses in various industries that are considering using Visualization Data for vulnerability management.
To deal with supply chain security risks to products, systems, and services, Visualization Data such as SBOM, which ensures transparency of products, systems, and services, is attracting attention. On August 29, 2024, the Ministry of Economy, Trade and Industry (METI) released "Guidance on Introduction of Software Bill of Materials (SBOM) for Software Management ver 2.0" to promote the introduction of SBOM. Additionally, studies on how to utilize SBOM are underway, especially in the medical and automotive industries, and SBOM is expected to be used in various use cases in the future.
Under such circumstances, various problems and issues need to be solved to utilize Visualization Data, and knowledge based on specific use cases is strongly required. In February 2024, the Consortium also released an activity vision to organize and address the problems and issues faced by users utilizing Visualization Data, and to define an action policy to deal with them. The use of Visualization Data in vulnerability management is a highly anticipated use case, and many of the above problems and issues cannot be solved by a single company, so diverse businesses need to co-create knowledge.
The consortium has co-created knowledge for dealing with the problems and issues raised in the activity vision, by creating a tangible form of vulnerability management, which is one of the use cases where the use of Visualization Data is most anticipated. As an achievement of the consortium, "Visualization Data Utilization to Ensure Security Transparency - Vulnerability Management Edition" has been released on the website※5. An overview is given below, along with the problems and issues raised in the activity vision.
The results of the Consortium's activities are the first released case study in Japan that summarizes the collaborative efforts of diverse businesses in vulnerability management, a specific use case, to solve problems and issues that many businesses face immediately after starting to utilize Visualization Data such as SBOM or when considering the utilization of Visualization Data. This case study is expected to increase security transparency in vulnerability management and reduce supply chain security risks in diverse industries. It will also serve as a reference case study for promoting the utilization of Visualization Data other than vulnerability management in the future.
The Consortium will continue to co-create measures to deal with problems and issues in the utilization of Visualization Data through the collaborative efforts of diverse businesses. Target use cases will be compiled as "Visualization Data Utilization to Ensure Security Transparency," regardless of vulnerability management, and will be released on the Consortium's website※5 from 2025 onward. The Consortium is also continuing to expand the number of participating companies※2※7 and is currently accepting applications for further participation on its website※8 .
***
About NEC Corporation
NEC Corporation has established itself as a leader in the integration of IT and network technologies while promoting the brand statement of “Orchestrating a brighter world.” NEC enables businesses and communities to adapt to rapid changes taking place in both society and the market as it provides for the social values of safety, security, fairness and efficiency to promote a more sustainable world where everyone has the chance to reach their full potential. For more information, visit NEC at https://www.nec.com.
LinkedIn: https://www.linkedin.com/company/nec/
YouTube: https://www.youtube.com/user/NECglobalOfficial
Facebook: https://www.facebook.com/nec.global/
NEC is a registered trademark of NEC Corporation. All Rights Reserved. Other product or service marks mentioned herein are the trademarks of their respective owners. ©2025 NEC Corporation.