Open Source in Application Security

What's hot

September 13, 2016: Security in the Age of Open Source:

Black Duck by Synopsys

Open Source and Cyber Security: Open Source Software's Role in Government Cyb...

Great Wide Open

In this session, we'll start with the basics of application security for an environment where development teams are able to push code into production at will. We quickly cover the basics and move on to the advanced topics of tests and models for long-term application security. We'll cover real-world Black Duck CI examples including keeping apps up-to-date in Pivotal Cloud Foundry environments, and end with tips for advocating for long-term security structures.

Shift Risk Left: Security Considerations When Migrating Apps to the Cloud

Black Duck by Synopsys

This SlideShare will help you understand the shifting open source landscape and why open source security management is becoming more critical. You’ll also understand the high-level capabilities of the Black Duck Hub. You’ll also learn how, in just a few minutes, you can use your existing Protex Bill of Materials to uncover known open source security vulnerabilities lurking in your projects, how to monitor for newly discovered vulnerabilities, and how to take steps to remediate your open source vulnerability risk. Then you’ll be ready to get started by learning more about the integration in Black Duck Academy and using these tools on your own projects.

FROM OPEN SOURCE COMPLIANCE TO SECURITY

Black Duck by Synopsys

How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps. You’ll learn: -New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments -Best practices for designing and incorporating an automated approach to application security into your existing development environment -Future development and application security challenges organizations will face and what they can do to prepare

Software Security Assurance for DevOps

Black Duck by Synopsys

Black Duck senior technology evangelist Tim Mackey talks containers this week at DevSecCon and elaborates on his presentation, “When Good Containers Go Bad,” with IT Pro, Cloud Pro and Data Centre News. Black Duck VP of Security Strategy Mike Pittenger shares his thoughts on the biggest security threat we face in 2018. Artifex and Hancom settle their long-running open source licensing dispute, and the hidden costs of open source security. Read all the hottest open source security and cybersecurity news in this week’s Open Source Insight.

Open Source Insight:Container Tech, Data Centre Security & 2018's Biggest Se...

Black Duck by Synopsys

We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And why it’s smart to assume that every application is an on-premise application. The best of November’s application security and open security news (so far) follows in this week’s edition of Open Source Insight.

Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...

Black Duck by Synopsys

The 4 Levels of Open Source Risk Management

Black Duck by Synopsys

We discuss the role software plays in information security and compare and contrast how many of the unique attributes of open source can present particular security challenges as opposed to proprietary/commercial software. We will examine the role open source has played in several high profile security incidents, drawing lessons learned from those incidents. We will also review the standards of “reasonableness” established by widely adopted security standards published by NIST and others and discuss the application of those standards to open source.

The Intersection Between Open Source and Cybersecurity

Black Duck by Synopsys

Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...

Jerika Phelps

As delivered at LinuxCon and ContainerCon in Berlin 2016. Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: • How known vulnerabilities can make their way into production deployments • How deployment of vulnerable code can be minimized • How to determine the vulnerability status of a container • How to determine the risk associated with a specific package

Secure Application Development in the Age of Continuous Delivery

Tim Mackey

Continuing a month of major announcements, Black Duck launched its new product, OpsSight — comprehensive, automated open source container security for production environments — at its FLIGHT 2017 user conference in Boston this week. Targeting the production phase of the software development life cycle, the initial release of OpsSight is optimized for Red Hat’s OpenShift Container Platform. If you missed FLIGHT 2017, you can read all the news about OpsSight below, as well as stories on FLIGHT keynoters Charlie Miller and Chris Valasek’s presentation on why IoT insecurity is here to stay; the top 5 cybersecurity mistakes you need to avoid; the SEC prepares new cybersecurity guidelines; and security for the connected car

Open Source Insight: Black Duck Announces OpsSight for DevOps Open Source Sec...

Black Duck by Synopsys

Automating Open Source Security: A SANS Review of WhiteSource

WhiteSource

Presented September 15, 2016 by John Steven, CTO, Cigital; Mike Pittenger, VP Security Strategy, Black Duck Today, open source comprises a critical component of software code in the average application, yet most organizations lack the visibility into and control of the open source they’re using. A 2016 analysis of 200 commercial applications showed that 67% contained known open source vulnerabilities. Whether it’s a SaaS solution you deliver to millions of customers, or an internal application developed for employees, addressing the open source visibility and control challenges is vital to ensuring proper software security. Open source use is ubiquitous worldwide. It powers your mobile phone and your company’s most important cloud application. Securing mission critical applications must evolve to address open source as part of software security, complementing and extending the testing of in-house written code. In this webinar by Cigital and Black Duck security experts, you’ll learn: - The current state of application security management within the Software Development Lifecycle (SDLC) - New security considerations organizations face in testing applications that combine open source and in-house written software. - Steps you can take to automate and manage open source security as part of application development

Managing Open Source in Application Security and Software Development Lifecycle

Black Duck by Synopsys

As presented at OpenShift Commons Sept 8, 2016. Cyber threats consistently rank as a high priority for data center operators and their reliability teams. As increasingly sophisticated attacks mount, the risk associated with a zero-day attack is significant. Traditional responses include perimeter monitoring and associated network defenses. Since those defenses are reactive to application issues attackers choose to exploit, it’s critical to have visibility into both what is in your container library, but also what the current state of vulnerability activity might be. Current vulnerability information for container images can readily be obtained by using the scan action on Atomic hosts in your OpenShift Container Platform. In this session we’ll cover how an issue becomes a disclosed vulnerability, how to determine the risk associated with your container usage, and potential mitigation patterns you might choose to utilize to limit any potential scope of compromise.

The How and Why of Container Vulnerability Management

Tim Mackey

Presented at AppSec California 2017. The fact that software development is moving towards agile methodologies and DevOps is a given, the question is: How do you transform processes and tools to get the biggest advantage? Using application security testing as an example, this talk cuts through all the news, research, and standards to define a holistic process for integrating Agile testing and feedback into development teams. The talk describes specific processes, automation techniques, and the smart selection of tools to help organizations produce more secure, OWASP-compliant code and free up development time to focus on features.

Continuous security: Bringing agility to the secure development lifecycle

Rogue Wave Software

Open Source Security

Sander Temme

What's hot (17)

September 13, 2016: Security in the Age of Open Source:

Open Source and Cyber Security: Open Source Software's Role in Government Cyb...

Shift Risk Left: Security Considerations When Migrating Apps to the Cloud

FROM OPEN SOURCE COMPLIANCE TO SECURITY

Software Security Assurance for DevOps

Open Source Insight:Container Tech, Data Centre Security & 2018's Biggest Se...

Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...

The 4 Levels of Open Source Risk Management

The Intersection Between Open Source and Cybersecurity

Leveraging Black Duck Hub to Maximize Focus - Entersekt's approach to automat...

Secure Application Development in the Age of Continuous Delivery

Open Source Insight: Black Duck Announces OpsSight for DevOps Open Source Sec...

Automating Open Source Security: A SANS Review of WhiteSource

Managing Open Source in Application Security and Software Development Lifecycle

The How and Why of Container Vulnerability Management

Continuous security: Bringing agility to the secure development lifecycle

Open Source Security

Viewers also liked

Proactive sell side due diligence to identify, inventory, assess, and, when necessary, remediate open source risks helps ensure the target company receives the best value for its products in an M&A event (and avoid lawsuits). Discovering these problems late in the game can dramatically affect the final purchase price, trigger the need for additional/longer/enhanced escrows, delay closing or even cause an acquisition to be called off altogether.

Don't Let Open Source be the Deal Breaker In Your M&A

Black Duck by Synopsys

Docker is revolutionizing the way organizations build and deploy applications. But while containers make it easier to development teams to package applications with all their dependencies, they make it harder for operations teams to control what software is deployed into production. In this session you will see how Black Duck Hub helps development and operations teams maintain complete visibility and control of the open source in their containers.

Securing Docker Containers

Black Duck by Synopsys

According to SAP 85% of cybersecurity attacks target the application layer. To be successful in defending against these attacks you need to use a variety of tools. In session we'll go into the various types application security tools and approaches, including SAST, DAST, RASP, PEN, as well as Open Source Vulnerability Management. We'll help you understand the differences between these tools and help you develop a plan for filling your application security toolbox.

Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why

Black Duck by Synopsys

PCI and Vulnerability Assessments - What’s Missing

Black Duck by Synopsys

This presentation is about Open Source Software, this may be helpful to understand what is open source, why we need open source software and examples of Open Source software. This Presentation is created by Harishankar Ranagaraj and was presentated at various sessions. Harishankar Rangaraj is the founder and Director of Open Source Academy India Pvt Ltd. For any support on Open Source Software you can Contact us. Open Source Academy Pvt India Ltd, Email: info@osaipl.com www.osaipl.com

Power Point Presentation on Open Source Software

opensourceacademy

The 2016 North Bridge & Black Duck Future of Open Source Study marks the 10th Anniversary of this survey. The study examines open source software trends on an annual basis. Notably, the 2016 survey findings position open source as today’s preeminent architecture, the foundation for nearly all applications, operating systems, cloud computing, databases, and big data. In terms of the strategic influence open source has on their business, respondents see it as an engine for innovation, with 90% reporting they rely on open source for improved efficiency, innovation and interoperability. The most compelling reasons cited in the survey for use of open source included flexibility and freedom from vendor lock-in; competitive features and technical capabilities; ability to customize; and overall quality. The 2016 results also show that the rapid adoption of open source has outpaced the implementation of effective open source management and security practices. Nearly half of respondents report they have no formal processes to track their open source, and half reporting that no one has responsibility for identifying known vulnerabilities and tracking remediation. Key 2016 Insights: Open Source Is The Modern Architecture. Open Source is the foundation now for nearly all applications, operating systems, cloud computing, databases, big data and more. Open Source IS the Engine of Innovation. Open Source is driving business because it facilitates faster, more agile development. This translates into quicker builds, accelerated time to market and vastly superior interoperability. There is a new generation of companies and business models emerging. Respondents report that in the next two or three years, the business models that will generate the most revenue for open source vendors are SaaS (46%); Custom Development (42%) and Services/Support (41%). Challenges remain: Open Source security and management practices have not kept pace with rapid adoption. In the wake of high profile breaches, there is likely to be more emphasis on security. Participation and contribution will secure the future of open source. Investing in the open source community spurs innovation, delivers exponential value and most of all, it’s fun. It continues to grow as a key hiring and retention tool in IT shops of enterprises, governments, and startups alike.

2016 Future of Open Source Study

North Bridge

OPEN SOURCE SEMINAR PRESENTATION

Ritwick Halder

Open Source Technology

priyadharshini murugan

Learn about the winners of the sixth annual Black Duck Open Source Rookies of the Year awards, recognizing the top new open source projects initiated in 2013. This year's Open Source Rookies honorees span cloud and software virtualization, privacy, social media and Internet of Things projects addressing needs in the enterprise, government, gaming and consumer applications, among others, and reflect important trends in the open source community.

2013 Open Source Rookies of the Year

Black Duck by Synopsys

Open Source for Cyber Security

Prabath Siriwardena

Open source security

lrigknat

Open Source has the potential to deliver faster development cycles and better security than traditional proprietary approaches to software. However, turning the potential of Open Source into reality can be difficult. Recent security issues like Heartbleed, Shellshock and the Panama Papers highlighted some of the challenges users of Open Source can face. This talk will explore how we can address them.

(In)security in Open Source

Shane Coughlan

Open Source Software (OSS/FLOSS) and Security

Joshua L. Davis

RVAsec Bill Weinberg Open Source Hygiene Presentation

Black Duck by Synopsys

Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security

Diogo Mónica

Compliance in the 2016 Future of Open Source

Black Duck by Synopsys

Many future challenges will require complex technical solutions. Open source development models and open technical collaboration provide a model to harness disperse resources and technical expertise on a mass scale to leverage resources and talent in ways never known before. We'll discuss these models, how open source projects are deploying them and consider applications of these models to other challenges

Collaborative Development the Gift That Keeps on Giving

Black Duck by Synopsys

What's it like to work at Black Duck

Black Duck by Synopsys

Myths and Misperceptions of Open Source Security

Black Duck by Synopsys

As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016. Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: • How known vulnerabilities can make their way into production deployments • How deployment of vulnerable code can be minimized • How to determine the vulnerability status of a container • How to determine the risk associated with a specific package

Secure Application Development in the Age of Continuous Delivery

Black Duck by Synopsys

Viewers also liked (20)

Don't Let Open Source be the Deal Breaker In Your M&A

Securing Docker Containers

Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why

PCI and Vulnerability Assessments - What’s Missing

Power Point Presentation on Open Source Software

2016 Future of Open Source Study

OPEN SOURCE SEMINAR PRESENTATION

Open Source Technology

2013 Open Source Rookies of the Year

Open Source for Cyber Security

Open source security

(In)security in Open Source

Open Source Software (OSS/FLOSS) and Security

RVAsec Bill Weinberg Open Source Hygiene Presentation

Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security

Compliance in the 2016 Future of Open Source

Collaborative Development the Gift That Keeps on Giving

What's it like to work at Black Duck

Myths and Misperceptions of Open Source Security

Secure Application Development in the Age of Continuous Delivery

Similar to Open Source in Application Security

Adjusting Your Security Controls: It’s the New Normal

Priyanka Aash

Many Black Duck-related news stories in this week’s edition of Open Source Insight, thanks to the release of our 2017 Open Source Security and Risk Analysis detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges. Black Duck conducts hundreds of open source code audits annually, primarily related to merger and acquisition transactions. For the 2017 analysis, our Center for Open Source Research & Innovation (COSRI) analyzed over 1,000 applications and found both high levels of open source usage — 96% of the apps examined contained open source — and significant risk to open source security vulnerabilities — more than 60% of the apps contained open source security vulnerabilities. All security professionals concerned about vulnerabilities and license compliance will want to review the report, which can be downloaded from the Black Duck website. Emphasizing the need to stay on top of software security vulnerabilities is the NVD CVE listing for the month of April 2017, which now exceeds 900 entries, including CVE-2016-4899, a high to critical flaw where the datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. On to this week’s top open source and open source security news…

Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...

Black Duck by Synopsys

State of endpoint risk v3

Lumension

State of endpoint risk v3

Lumension

State of endpoint risk v3

Lumension

A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank Unicredit; two Black Duck executives share their views on open source security in video interviews; and why the automotive industry many be close to an iPhone moment.

Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...

Black Duck by Synopsys

Ponemon Institute Data Breaches and Sensitive Data Risk

Fiona Lew

Healthcare & MedTech - Open Source Security & Risk Analysis

Black Duck by Synopsys

The State of Endpoint Risk 2011 study, conducted by the Ponemon Institute, has been published. Learn the latest endpoint protection best practices that can assist in your 2011 security planning, including: • Increasingly sophisticated malware and the associated costs • The top 5 applications that concern IT the most • Third-party and Web 2.0 application usage policies and the importance of security awareness training programs • Effective methods to communicate with senior management on evolving endpoint risk and its impact to the business • Technologies that effectively prevent targeted malware and cyber attacks

The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011

Lumension

State of endpoint risk v3

Lumension

State of endpoint risk v3

Lumension

Enable best-of-breed security testing for enterprise, web and mobile applications • Facilitate application security testing for your customers at the appropriate stage of their development lifecycle • Identify security vulnerabilities such as SQL injection and cross-site scripting (XSS) • Automate correlation of static, dynamic and interactive application security testing results • Deliver detailed reporting to your customers that summarise security vulnerabilities, assesses potential risk and offers remediation tactics

Unified application security analyser

Tim Youm

Ponemon Institute conducted this study to better understand the risk of insecure websites and how organizations’ are addressing internal and external threats.1 Sponsored by Imperva and WhiteHat Security, the study reveals that despite having mission-critical applications accessible via their websites, many organizations are failing to provide sufficient resources to secure and protect Web applications important to their operations. This is particularly alarming given that the Web application layer is the number one attack target of hackers.2 We surveyed 638 IT and IT security practitioners with approximately 13 years IT experience in large US-based organizations with an average headcount of about 10,000. They most often are in network, data and application security, including quality assurance for development and testing. More than half are involved in setting priorities, managing budgets and selecting vendors and contractors. While participants in this study consider the biggest threat to their websites is theft of data, they do not believe that their organizations are viewing Web security as a strategic initiative. They also believe their organizations are not allocating sufficient resources to protecting critical Web applications. Further, the IT practitioners surveyed are divided on whether the Web application security program is threat-based (41 percent) or compliance-based (40 percent).

State of Web Application Security by Ponemon Institute

Jeremiah Grossman

Open Source has become the key building block for application development in today's market, where companies are under constant pressure to accelerate time to market. The increasing adoption of open source components, however, has introduced new security challenges that most teams are not prepared to mitigate in their current posture. Join the industry expert, at Whitesource, as she presents the 5 approaches and best practices that security teams should implement in order to enable their developers to harness the power of open source without slowing them down or compromising on security.

Tackling the Risks of Open Source Security: 5 Things You Need to Know

WhiteSource

2016 Trends in Security

Ioannis Aligizakis, M.Sc.

En msft-scrty-cntnt-e book-cybersecurity

Online Business

Cisco 2014 - Anual Security Report

Mandar Kharkar

The State of Data Security

Razor Technology

Intelligence on the Intractable Problem of Software Security

Tyler Shields

Open Source has become the key building block for application development in today's market, where companies are under constant pressure to accelerate time to market. However, the increasing adoption of open source components has introduced new security challenges that most teams are not prepared to mitigate in their current posture. Join Sharon Sharlin, Product Marketing Manager at WhiteSource, as she presents best practices that security teams should implement in order to enable their developers to harness the power of open source without slowing them down or compromising security.

5 things about os sharon webinar final

DevOps.com

Similar to Open Source in Application Security (20)

Adjusting Your Security Controls: It’s the New Normal

Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...

State of endpoint risk v3

Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...

Ponemon Institute Data Breaches and Sensitive Data Risk

Healthcare & MedTech - Open Source Security & Risk Analysis

The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011

State of endpoint risk v3

Unified application security analyser

State of Web Application Security by Ponemon Institute

Tackling the Risks of Open Source Security: 5 Things You Need to Know

2016 Trends in Security

En msft-scrty-cntnt-e book-cybersecurity

Cisco 2014 - Anual Security Report

The State of Data Security

Intelligence on the Intractable Problem of Software Security

5 things about os sharon webinar final

More from Black Duck by Synopsys

Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included: A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises. For more information, please visit us at www.blackducksoftware.com

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...

Black Duck by Synopsys

Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/

FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...

Black Duck by Synopsys

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub

Black Duck by Synopsys

FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...

Black Duck by Synopsys

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...

Black Duck by Synopsys

Open-Source- Sicherheits- und Risikoanalyse 2018

Black Duck by Synopsys

At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed, everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed and how some of the requirements therein may for instance conflict with the GNU General Public license. Furthermore, a quick outline of the influence of Brexit on licenses closed under UK law was given and how potential problems can be prevented.

FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide

Black Duck by Synopsys

Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - From Protex to Hub

Black Duck by Synopsys

The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...

Black Duck by Synopsys

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...

Black Duck by Synopsys

Open Source Rookies and Community

Black Duck by Synopsys

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year. Open Source Insight is your weekly news resource for open source security and cybersecurity news!

Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...

Black Duck by Synopsys

It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans. Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.

Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...

Black Duck by Synopsys

Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…

Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...

Black Duck by Synopsys

This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions. Read on for all the open source security and cybersecurity news you need to know this week.

Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...

Black Duck by Synopsys

Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk. Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.

Open Source Insight: Happy Birthday Open Source and Application Security for ...

Black Duck by Synopsys

This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.

Open Source Insight: Security Breaches and Cryptocurrency Dominating News

Black Duck by Synopsys

More from Black Duck by Synopsys (20)

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...

FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub

FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...

Open-Source- Sicherheits- und Risikoanalyse 2018

FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...

FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal

FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...

FLIGHT Amsterdam Presentation - From Protex to Hub

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...

Open Source Rookies and Community

Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...

Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...

Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...

Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...

Open Source Insight: Happy Birthday Open Source and Application Security for ...

Open Source Insight: Security Breaches and Cryptocurrency Dominating News

Recently uploaded

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

MINDCTI Revenue Release Quarter One 2024

MIND CTI

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Real Time Object Detection Using Open CV

Khem

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Recently uploaded (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

FWD Group - Insurer Innovation Award 2024

A Beginners Guide to Building a RAG App Using Open Source Milvus

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

MINDCTI Revenue Release Quarter One 2024

AWS Community Day CPH - Three problems of Terraform

Ransomware_Q4_2023. The report. [EN].pdf

MS Copilot expands with MS Graph connectors

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Data Cloud, More than a CDP by Matt Robison

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

GenAI Risks & Security Meetup 01052024.pdf

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Real Time Object Detection Using Open CV

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Artificial Intelligence Chap.5 : Uncertainty

Manulife - Insurer Transformation Award 2024

A Year of the Servo Reboot: Where Are We Now?

Open Source in Application Security

Recommended

Recommended

More Related Content

What's hot

What's hot (17)

Viewers also liked

Viewers also liked (20)

Similar to Open Source in Application Security

Similar to Open Source in Application Security (20)

More from Black Duck by Synopsys

More from Black Duck by Synopsys (20)

Recently uploaded

Recently uploaded (20)

Open Source in Application Security