Open Source Insight: Record Vulns in 2017 and Predictions for Open Source in 2018
Fred Bals | Senior Content Writer/Editor
Cybersecurity News This Week
We enter the last month of 2017 with two reports that should give pause: the National Vulnerability Database has documented more than 13,400 vulnerabilities so far this year, more than double what the database logged in all of 2016. Plus, as unbelievable as it sounds, more than 90 percent of firms using the same open source framework that led to the Equifax data breach have failed to keep the software up to date.
Several Black Duck executives published commentaries on security issues of the day, including VP of Product Marketing Patrick Carey’s predictions for open source in 2018; Senior Security Evangelist Tim Mackey on the Uber data breach; VP of Security Strategy Mike Pittenger on the updated OWASP top ten list of web app vulnerabilities; and Vice President & General Counsel Matt Jacobs on the Equifax breach, the GDPR and open source security. Read more on the top cybersecurity and open source security news in this week’s Open Source Insight.
• Black Duck Software 2018 Predictions: What's in Store for Open Source in 2018?
• Reported Software Vulnerabilities on Track to Break Record in 2017
• AWS + Black Duck Adds Security for Cloud-build Environments
• How Israel Became the Land of Connected Car Research and Development
• Open Source's Killer Features: What Makes Open Source So Popular?
• 9 in 10 Firms Also Failed to Patch Software That Sunk Equifax
More Open Source News
• OpenEMR Flaw Leaves Millions of Medical Records Exposed to Attackers
• Security Industry Responds to Massive Uber Data Breach Cover-up
• OWASP Vulnerability Chart Suggests Web App Devs Are Not Smelling the Security Coffee
• The Shape of Things to Come: The Equifax Breach, the GDPR and Open-Source Security
• Uber's Data Breach Cover-Up Strategy May Be More Common Than You'd Think
• Don't Let Poor IoT Security Turn Your Devices Against You
Black Duck Software 2018 Predictions: What's in Store for Open Source in 2018?
via VM Blog: Everyone uses open source. It's now found in around 95% of applications, a figure likely to edge closer to 100% by the end of 2018. Polishing up his crystal ball, here are some events Black Duck VP of Product Marketing Patrick Carey sees around open source in the coming year.
Reported Software Vulnerabilities on Track to Break Record in 2017
via eWeek: A combination of increased reporting and a growing number of software programs is causing vulnerability reports to rise by more than a third compared to 2016, putting them on track to set a record.
AWS + Black Duck Adds Security for Cloud-build Environments
via Black Duck blog (Evan Klein): DevOps teams expect to spend less time on security, while updating applications more frequently and adding new open source components as a regular part of their process. As DevOps teams continue this trend, they also need to fully integrate and automate security.
How Israel Became the Land of Connected Car Research and Development
via Security Intelligence: A recent study by Black Duck Software noted that, because smart automobile manufacturers have been “focusing their attention on differentiating features, the disparity between innovation and security is growing at an accelerated speed.” With so much investment in connected car research and development, Israel is leading the way in the effort to make the roads safer for smart car operators around the world.
Open Source's Killer Features: What Makes Open Source So Popular?
via Channel Futures: Open source software is massively popular. A majority of organizations now use open source software, and 65 percent of companies contribute to open source projects, according to Black Duck, an open source security and compliance company.
9 in 10 Firms Also Failed to Patch Software That Sunk Equifax
via The Hill: More than 90 percent of applications using the same computer programming library that, left unpatched, led to the Equifax data breach also fail to keep the software up to date.
OpenEMR Flaw Leaves Millions of Medical Records Exposed to Attackers
via Help Net Security: A vulnerability in the free, open source electronic medical record and medical practice management software OpenEMR can be exploited to steal patients’ medical records and other personally identifiable information.
Security Industry Responds to Massive Uber Data Breach Cover-up
via IT Security Thing: Black Duck Software’s Senior Security Evangelist, Tim Mackey, notes, “The larger issues of Uber’s actions and failure to disclose a breach that occurred in 2016 aside, the breach apparently occurred when hackers discovered that the company’s developers had published code that included their usernames and passwords on a private account of the software repository GitHub.”
OWASP Vulnerability Chart Suggests Web App Devs Are Not Smelling the Security Coffee
via SC Magazine: When you consider that Black Duck's 2017 Open Source Security and Risk Analysis (OSSRA) report found open source in 96 percent of the commercial software tested, and known vulnerabilities in two-thirds of those code bases, it's an inertia that's proving very costly. "This lack of visibility is seen even in companies with strong application security programs," insists Black Duck's VP of Security Strategy, Mike Pittenger.
The Shape of Things to Come: The Equifax Breach, the GDPR and Open-Source Security
via Science Direct (Elsevier): Although the General Data Protection Regulation (GDPR) is being hailed as a sort of revolution, what it really represents is the law catching up with reality. The GDPR isn't alone, of course – in the information security space it is accompanied by the Network and Information Security Directive (NISD). Both the GDPR and NISD go into effect in May 2018. Daniel Hedley of Irwin Mitchell LLP and Matthew Jacobs of Black Duck Software describe the consequences of not getting to grips with the GDPR and the processes and policies you need to get into place now.
Uber's Data Breach Cover-Up Strategy May Be More Common Than You'd Think
via The National Law Journal: Uber has been widely criticized for its decision to hide a 2016 data breach and pay hackers for their silence, but it may not be the only company in town to do so.
Don't Let Poor IoT Security Turn Your Devices Against You
via IoT Agenda: Earlier this year, the IoT-focused security firm Senrio discovered a hackable flaw called Devil’s Ivy, which has the potential to put thousands of different models of security cameras at risk. The vulnerability is found in a piece of open source code called gSOAP, created and maintained by a small company named Genivia. At least 30 companies use gSOAP in their IoT products.
Subscribe
Stay up to date on open source security and cybersecurity – subscribe to our blog today.