GDPR and Open Source: Security by the Numbers

•

1 like•336 views

You can't protect what you don't know about. Talk to your heads of software development and information security, and ask them to produce a list of open source components your organization uses. Here's what you need to know.

Technology

€20m |4%€20m |4%
147|27147|27
You can’t protect what you don’t know about. Talk to your heads of software
development and information security and ask them to produce a list of open
source components your organization uses. Here’s why you need to know.
3,0003,000Number of new open source
vulnerabilities identified yearly.
A fine recently levied against a public agency over its failure to fix a open
source software security hole in its website. The vulnerability was
exploited by a hacker who accessed sensitive employee personal data.
Date the responsibility of protecting any personal
data you hold or process on EU citizens will fall
squarely on the shoulders of your organization.
5/25/20185/25/2018
GDPR & OPEN SOURCEGDPR & OPEN SOURCEGDPR & OPEN SOURCE
Security By the NUmbers
Software applications
include an average 147
unique open source
components. Each application
contains, on average, 27 vulnerable
open source components.
Breaches could lead to fines of of up
to €20 million or 4% of global annual
turnover. A single violation could put
your company out of business.
Organizations worldwide use Black Duck Software’s industry-leading products to automate
the processes of securing and managing open source software, eliminating the pain related to
security vulnerabilities, license compliance and operational risk. Black Duck is headquartered in
Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Frankfurt, Hong
Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com
25
Three key GDPR Articles
mandating that organizations must
demonstrate compliance” with the
GDPR, including “appropriate
measures” for security. But many
companies aren’t including open
source security in their plans.
24|28|3224|28|32
£100,000£100,000

Did you know that only 5% of all organizations actively care to protect user credentials in the cloud? Or that 1% of users in Financial Services represent 99% of exposure risk? Our CyberLab data scientists gathered data from 1B files and 10M users to compile a fascinating cybersecurity report outlining the riskiest industries in the cloud. See where your organization stands against your peers and competitors.

Board and Cyber Security

Leon Fouche

Enterprise Cyber Security 2016

Supply Chain Coalition

2015 Mobile Security Trends: Are You Ready?

IBM Security

We’ve been hearing for years now that mobile security threats are coming into their own, both in terms of volume and capacity to inflict harm. Is 2015 the year when organizations will move past their fundamental BYOD debates and start discussing more progressive mobile security topics? Securing the mobile enterprise requires a comprehensive approach that includes securing devices, protecting data, safeguarding applications, and managing access and fraud. In this session, hear IBM Security experts discuss: - The latest mobile security trends and challenges - Real-life customer experiences - Best practices on building your overall mobile security strategy View on-demand recording: http://securityintelligence.com/events/2015-mobile-security-trends/

ICION 2016 - Cyber Security GovernanceCharles Lim

Palo Alto Networks 2016 Cybersecurity Predictions

PaloAltoNetworks

Infographic Economic Impact of Cybercrime

Jeferson Propheta

Adrian Ifrim - prezentare - Cyber Security Trends 2020

Business Days

Adrian Ifrim with more than twelve years of experience in the financial, telecom and IT security sectors, currently serving as Senior Manager within the Cyber Risk Advisory team of Deloitte Romania. In addition, he is an expert in information security with focus on penetration testing services and currently holds the Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP) and System Security Certified Practitioner (SSCP) certifications.

State of Security

- Mark - Fullbright

Open Source Insight: NotPetya Strikes, Patching Is Vital for Risk Management

Black Duck by Synopsys

News about NotPetya is rebounding around the world this week as malware experts quickly determined that the resemblence to Petya is superficial. The consensus is now that NotPetya is a wiper, designed to inflict permanent damage, not ransomware as initially reported. Following closely on the heels of WannaCry incidents, NotPetya hit 64 countries by June 28, but with no kill switch available this time. Global cyberattacks such as these highlight the importance of cybersecurity everywhere, staying up to date on patches and ensuring that backups are up-to-date.

Cybercriminalité, statut, risques et prévention

Forums financiers de Wallonie

Cosmin Vilcu - Sonicwal - prezentare - Cyber Security Trends 2020

Business Days

Cosmin Vilcu este expert în soluții de securitate IT, iar în prezent ocupă funcția de Regional Senior Sales Manager for Eastern Europe & CIS la SonicWall. Cosmin a pus bazele echipei SonicWall în România la începutul anului 2016. Întreaga experiență a fost construită în domeniul tehnologic, Cosmin lucrând în decursul anilor pentru companii precum Kaspersky, Omnilogic, Romtelecom, GTS Telecom, Telemobil sau Romservice. Este certificat SonicWall Network Security.

Strengthen Your Enterprise Arsenal Against Cyber Attacks With Hardware-Enhanc...

Intel IT Center

With new “Hacked!” headlines happening every day, modernizing your companies’ endpoint security strategy has never been more important. Software alone is not enough. For cybersecurity, the way forward requires help from the hardware. This session will equip you with an understanding of one of the most promising approaches to enterprise security: hardware-enhanced identity protection and data protection, at the core of your fleet of end point devices.

Valuing Data in the Age of Ransomware

IBM Security

Cybersecurity | Risk. Impact. Innovations.

Vertex Holdings

Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...

Black Duck by Synopsys

UK Cyber Vulnerability Index 2013

Martin Jordan

The 1% Who Can Take Down your Organization

CloudLock

What's hot

Open Source Insight: Heartbleed Results in £100,000 fine, WannaCry Hits Japan...

Black Duck by Synopsys

2016 - Cyber Security for the Public SectorScott Geye

2019 Cyber Security Trends

Internetwork Engineering (IE)

Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...

Knowledge Group

The Riskiest Industries in the Cloud

CloudLock

Board and Cyber Security

Leon Fouche

Enterprise Cyber Security 2016

Supply Chain Coalition

2015 Mobile Security Trends: Are You Ready?

IBM Security

ICION 2016 - Cyber Security GovernanceCharles Lim

Palo Alto Networks 2016 Cybersecurity Predictions

PaloAltoNetworks

Infographic Economic Impact of Cybercrime

Jeferson Propheta

Adrian Ifrim - prezentare - Cyber Security Trends 2020

Business Days

State of Security

- Mark - Fullbright

Open Source Insight: NotPetya Strikes, Patching Is Vital for Risk Management

Black Duck by Synopsys

Cybercriminalité, statut, risques et prévention

Forums financiers de Wallonie

Cosmin Vilcu - Sonicwal - prezentare - Cyber Security Trends 2020

Business Days

Strengthen Your Enterprise Arsenal Against Cyber Attacks With Hardware-Enhanc...

Intel IT Center

Valuing Data in the Age of Ransomware

IBM Security

Cybersecurity | Risk. Impact. Innovations.

Vertex Holdings

What's hot (19)

Open Source Insight: Heartbleed Results in £100,000 fine, WannaCry Hits Japan...

2016 - Cyber Security for the Public Sector

2019 Cyber Security Trends

Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...

The Riskiest Industries in the Cloud

Board and Cyber Security

Enterprise Cyber Security 2016

2015 Mobile Security Trends: Are You Ready?

ICION 2016 - Cyber Security Governance

Palo Alto Networks 2016 Cybersecurity Predictions

Infographic Economic Impact of Cybercrime

Adrian Ifrim - prezentare - Cyber Security Trends 2020

State of Security

Open Source Insight: NotPetya Strikes, Patching Is Vital for Risk Management

Cybercriminalité, statut, risques et prévention

Cosmin Vilcu - Sonicwal - prezentare - Cyber Security Trends 2020

Strengthen Your Enterprise Arsenal Against Cyber Attacks With Hardware-Enhanc...

Valuing Data in the Age of Ransomware

Cybersecurity | Risk. Impact. Innovations.

Similar to GDPR and Open Source: Security by the Numbers

Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...

Black Duck by Synopsys

UK Cyber Vulnerability Index 2013

Martin Jordan

The 1% Who Can Take Down your Organization

CloudLock

Open Source Insight: Security Breaches and Cryptocurrency Dominating News

Black Duck by Synopsys

This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.

Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam

Black Duck by Synopsys

On Wednesday, a worm started spreading around Gmail that suggested to users a friend or colleague was trying to share a Google Doc. Google has already disabled the offending accounts (only 0.1 percent were affected), and that it was able to stop the worm within an hour. We should take this as a wake-up that we're all potentially vulnerable to attack. This week’s open source and open source security news includes stories on the eternal “open source good / bad” debate; 5 reasons why enterprises should be using open source; news from Red Hat Summit; and what CISOs need to known about cybersecurity. CVE Numbers from the NVD: 1590 entries for April 2017; 50 entries currently for the month of May; a total of 5,238 reports to date for 2017.

Infosecurity Europe - Infographic

Synopsys Software Integrity Group

Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf

InfinityGroup5

Bitdefender - Solution Paper - Active Threat Control

Jose Lopez

InformationSecurity_11141sraina2

Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses

Black Duck by Synopsys

Our vulnerability of the week is CVE-2017-9805, which resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments. Attackers can exploit the bug via HTTP requests or via any other socket connection, with a public exploit published on Thursday. Happily, on Monday the Apache Struts team released Apache Struts v2.5.13, which includes a fix for CVE-2017-9805. As always, the byword of the week is “patch and update.” Also looming large in this week’s news is the massive cyber-break-in at Equifax, where highly sensitive personal and financial information for around 143 million U.S. consumers (the editor apparently being among those affected) was compromised.

application-security-fallacies-and-realities-veracodesciccone

SFScon 2020 - Luisa Romano - Cybersecurity Managers Liability and Use of Open...

South Tyrol Free Software Conference

Under a corporate point of view, free and open source software can offer material improvements such as costs reduction, flexibility and customization of services and thus let the company be able to adapt to new market trends and strengthen its business continuity. On the other hand, however, open source software may have some disadvantages, e.g. lack of technical assistance, uncertainty about the legal liability framework and vulnerability to cyber-attacks. Since the community is free to modify OSS, its developments are also unpredictable and such a changing and unforeseeable scenario may imply some hurdles to smoothly perform a forward-looking risk assessment within the governance and management of corporate tools. The complexity of the cybersecurity risk-assessment for open source software may threaten managers’ and supervisors’ liability since they are responsible for the implementation of adequate governance tools and cybersecurity models.

Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...

Black Duck by Synopsys

A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank Unicredit; two Black Duck executives share their views on open source security in video interviews; and why the automotive industry many be close to an iPhone moment.

Securing Your Intellectual Property: Preventing Business IP Leaks

Hokme

Week 13 ch14 cZahir Reza

Your organization is at risk! Upgrade your IT security & IT governance now.

Cyril Soeri

Five strategies for gdpr compliance

Peter Goldbrunner

2016 trustwave global security report

Marco Antonio Agnese

2016 Trends in Security

Ioannis Aligizakis, M.Sc.

En msft-scrty-cntnt-e book-cybersecurity

Online Business

Similar to GDPR and Open Source: Security by the Numbers (20)

Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...

UK Cyber Vulnerability Index 2013

The 1% Who Can Take Down your Organization

Open Source Insight: Security Breaches and Cryptocurrency Dominating News

Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam

Infosecurity Europe - Infographic

Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf

Bitdefender - Solution Paper - Active Threat Control

InformationSecurity_11141

Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses

application-security-fallacies-and-realities-veracode

SFScon 2020 - Luisa Romano - Cybersecurity Managers Liability and Use of Open...

Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...

Securing Your Intellectual Property: Preventing Business IP Leaks

Week 13 ch14 c

Your organization is at risk! Upgrade your IT security & IT governance now.

Five strategies for gdpr compliance

2016 trustwave global security report

2016 Trends in Security

En msft-scrty-cntnt-e book-cybersecurity

More from Black Duck by Synopsys

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...

Black Duck by Synopsys

Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included: A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises. For more information, please visit us at www.blackducksoftware.com

FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...

Black Duck by Synopsys

Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub

Black Duck by Synopsys

FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...

Black Duck by Synopsys

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...

Black Duck by Synopsys

Open-Source- Sicherheits- und Risikoanalyse 2018

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...

Black Duck by Synopsys

At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed, everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed and how some of the requirements therein may for instance conflict with the GNU General Public license. Furthermore, a quick outline of the influence of Brexit on licenses closed under UK law was given and how potential problems can be prevented.

FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal

Black Duck by Synopsys

Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.

FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...

Black Duck by Synopsys

FLIGHT Amsterdam Presentation - From Protex to Hub

Black Duck by Synopsys

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...

Black Duck by Synopsys

The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...

Black Duck by Synopsys

Open Source Rookies and Community

Black Duck by Synopsys

Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...

Black Duck by Synopsys

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year. Open Source Insight is your weekly news resource for open source security and cybersecurity news!

Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...

Black Duck by Synopsys

It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans. Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.

Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...

Black Duck by Synopsys

Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…

Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...

Black Duck by Synopsys

This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions. Read on for all the open source security and cybersecurity news you need to know this week.

Open Source Insight: Happy Birthday Open Source and Application Security for ...

Black Duck by Synopsys

Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk. Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.

20 Billion Reasons for IoT Security

Black Duck by Synopsys

More from Black Duck by Synopsys (20)

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...

FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...

FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub

FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...

FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...

Open-Source- Sicherheits- und Risikoanalyse 2018

FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...

FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal

FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...

FLIGHT Amsterdam Presentation - From Protex to Hub

Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...

Open Source Rookies and Community

Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...

Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...

Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...

Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...

Open Source Insight: Happy Birthday Open Source and Application Security for ...

20 Billion Reasons for IoT Security

Recently uploaded

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

Mind map of terminologies used in context of Generative AI

Kumud Singh

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Building RAG with self-deployed Milvus vector database and Snowpark Container...

Zilliz

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Recently uploaded (20)

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Video Streaming: Then, Now, and in the Future

Removing Uninteresting Bytes in Software Fuzzing

How to Get CNIC Information System with Paksim Ga.pptx

Mind map of terminologies used in context of Generative AI

A tale of scale & speed: How the US Navy is enabling software delivery from l...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Communications Mining Series - Zero to Hero - Session 1

Microsoft - Power Platform_G.Aspiotis.pdf

Pushing the limits of ePRTC: 100ns holdover for 100 days

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Essentials of Automations: The Art of Triggers and Actions in FME

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

National Security Agency - NSA mobile device best practices

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Monitoring Java Application Security with JDK Tools and JFR Events

Building RAG with self-deployed Milvus vector database and Snowpark Container...

20240609 QFM020 Irresponsible AI Reading List May 2024

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

GDPR and Open Source: Security by the Numbers

1. €20m |4%€20m |4% 147|27147|27 You can’t protect what you don’t know about. Talk to your heads of software development and information security and ask them to produce a list of open source components your organization uses. Here’s why you need to know. 3,0003,000Number of new open source vulnerabilities identified yearly. A fine recently levied against a public agency over its failure to fix a open source software security hole in its website. The vulnerability was exploited by a hacker who accessed sensitive employee personal data. Date the responsibility of protecting any personal data you hold or process on EU citizens will fall squarely on the shoulders of your organization. 5/25/20185/25/2018 GDPR & OPEN SOURCEGDPR & OPEN SOURCEGDPR & OPEN SOURCE Security By the NUmbers Software applications include an average 147 unique open source components. Each application contains, on average, 27 vulnerable open source components. Breaches could lead to fines of of up to €20 million or 4% of global annual turnover. A single violation could put your company out of business. Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com 25 Three key GDPR Articles mandating that organizations must demonstrate compliance” with the GDPR, including “appropriate measures” for security. But many companies aren’t including open source security in their plans. 24|28|3224|28|32 £100,000£100,000

GDPR and Open Source: Security by the Numbers

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to GDPR and Open Source: Security by the Numbers

Similar to GDPR and Open Source: Security by the Numbers (20)

More from Black Duck by Synopsys

More from Black Duck by Synopsys (20)

Recently uploaded

Recently uploaded (20)

GDPR and Open Source: Security by the Numbers