Open Source Insight: NotPetya Strikes, Patching Is Vital for Risk Management
By Haidee LeClair | Digital Marketing Communication Manager
Cybersecurity News This Week
News about NotPetya is rebounding around the world this week as malware
experts quickly determined that the resemblance to Petya is superficial.
The consensus is now that NotPetya is a wiper, designed to inflict
permanent damage, not ransomware as initially reported. Following closely
on the heels of WannaCry incidents, NotPetya hit 64 countries by June 28,
but with no kill switch available this time. Global cyberattacks such as
these highlight the importance of cybersecurity everywhere, staying up to
date on patches and ensuring that backups are up-to-date.
• Safety, Security & Open Source in the Automotive Industry
• Petya Cyber Attack That Spread Around the World Was Intent on Destruction, Not on Making Money
• Ubuntu 'Weaponised' to Cure NHS of its Addiction to Microsoft Windows
• Oversight of Use of Open Source Code Crucial As GDPR Approaches, Says Industry Expert
• Customer Questions: What Is Docker Anyway?
• Open Source Vulnerabilities & Application Security
• A Methodology for Quantifying Risks from Web Services
• Security Code Reviews by Russian Agencies Cause Concern
Open Source News
Safety, Security & Open Source in the Automotive Industry
via Black Duck blog (Fred Bals): Open source use is pervasive across
every industry vertical, including the automotive industry. When it comes
to software, every auto manufacturer wants to spend less time on what
are becoming commodities — such as the core operating system and
components connecting the various pieces together — and focus on
features that will differentiate their brand. The open source model
supports that objective by expediting every aspect of agile product
development.
Petya Cyber Attack That Spread Around the World Was Intent on Destruction, Not on Making Money
via The Independent: Experts say that initial suggestions that the software
was being used to make money may have been a distraction. The software
might instead be part of a plan simply to cripple as many systems,
companies and countries as possible, they said.
Ubuntu 'Weaponised' to Cure NHS of its Addiction to Microsoft Windows
via The Register: A gathering of software developers
whose mission was to find a way to deploy NHSbuntu, a
flavour of the open-source Linux distro Ubuntu built for the
NHS, on 750,000 smartcards used to verify clinicians
accessing 80 per cent of applications – excluding those for
clinical use – on millions of health service PCs.
Oversight of Use of Open Source Code Crucial As GDPR Approaches, Says Industry Expert
via Out-Law.com: Mike Pittenger, vice president of security strategy at
Black Duck Software, told Out-Law.com that many businesses either remain
unaware that they are running popular open source components within their
software at all or that security vulnerabilities exist in the versions of that
software they are operating. This is despite the profile of open source
software security risk being raised by media coverage in recent times, he said.
Customer Questions: What Is Docker Anyway?
via Black Duck blog (Megan
McIntyre): We've been thinking
about how Docker containers can
help us deliver our software
effectively for quite a while now.
Recently Hal Hearst shared
excellent information about how
and why we're releasing Hub as
a Dockerized container.
Open Source Vulnerabilities & Application Security
via IT SecCity (Germany): The world's appetite for open source software is
insatiable. Companies worldwide significantly increased their use of open
source over the past year; yet although they readily acknowledge the
concerns about the security and operational risks associated with open
source, effective management of open source is not keeping pace with its
growing use.
A Methodology for Quantifying Risks from Web Services
via Black Duck blog (Baljeet Malhotra): Every API comes with a set of
obligations, which are typically documented in various (legally binding)
agreements (for example, Terms of Service, Developer Agreement,
Privacy Statement) that govern the usage of API and its underlying data
and functionalities. According to our research there are essentially four
key factors that affect the governance of API usage.
Security Code Reviews by Russian Agencies Cause Concern
via TechTarget SearchSecurity: Before allowing cybersecurity products into
Russia, U.S. tech companies are reportedly being required to submit source
code for review, and many are worried about the privacy and security impacts
of this testing. Rising tensions between the U.S. and Russia over apparent
election interference appear to be to blame for both Russia's insistence on
security code reviews and U.S. experts' wariness of the practice.