This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.
Open Source Insight: Happy Birthday Open Source and Application Security for ...Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
Open Source Insight: Balancing Agility and Open Source Security for DevOpsBlack Duck by Synopsys
Lots of DevOps news this week, including why automation is critical for securing code, as well as balancing agility with security needs. Learn how to manage security in GitHub projects with CoPilot from Black Duck Software. Pre-GDPR, Carphone Warehouse gets hit with £400k fine over a 2015 hack. And why you should think like your attackers when developing your cybersecurity portfolio.
Read on for this week’s cybersecurity and open source security news in Open Source Insight!
The rise of a generation of new hackers has propelled a boom in successful cyberattacks and data breaches over the last decade. This generation of "modern adversaries" has caused billions of dollars in damages in the last few years, and both the pace and danger of their attacks continue to grow.
This presentation analyzes modern hacker adversaries: who are they, how are they circumventing traditional security systems, and what can the information security industry do to detect and stop these new threats.
The State Of Information and Cyber Security in 2016Shannon G., MBA
Shannon Glass, Practice Director from AfidenceIT talks about the State of Information and Cyber Security in 2016. She covers the importance of creating a culture of security awareness within an organization, threats to look out for on the landscape, and why you should care about protecting your data assets.
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...Black Duck by Synopsys
COSRI research director Chris Fearon makes the case that Equifax was either unaware of or slow to respond to reports of known critical vulnerabilities in their system, and as a result had not upgraded to safer versions. That opinion was later proven out by Congressional hearings into the breach, as Fred Bals relates in his blog on whether SAST and DAST fell down on the job for Equifax. Black Duck VP and General Counsel, Matt Jacobs partners with Irwin Mitchell’s Dan Headley to review what GDPR will mean for open source code. Is open source more dangerous than Windows? And Larry Ellison claims Oracle could have saved Equifax from much heartache in this week’s open source security and cybersecurity news wrap.
Top 12 Cybersecurity Predictions for 2017IBM Security
No industry is immune from a cyberattack. In fact, cyber experts are predicting that we may see a rise in attacks and a spread as industries previously on the fringe now face direct hits. The question is, “What’s in store for us in 2017?”
Open Source Insight: Happy Birthday Open Source and Application Security for ...Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
Open Source Insight: Balancing Agility and Open Source Security for DevOpsBlack Duck by Synopsys
Lots of DevOps news this week, including why automation is critical for securing code, as well as balancing agility with security needs. Learn how to manage security in GitHub projects with CoPilot from Black Duck Software. Pre-GDPR, Carphone Warehouse gets hit with £400k fine over a 2015 hack. And why you should think like your attackers when developing your cybersecurity portfolio.
Read on for this week’s cybersecurity and open source security news in Open Source Insight!
The rise of a generation of new hackers has propelled a boom in successful cyberattacks and data breaches over the last decade. This generation of "modern adversaries" has caused billions of dollars in damages in the last few years, and both the pace and danger of their attacks continue to grow.
This presentation analyzes modern hacker adversaries: who are they, how are they circumventing traditional security systems, and what can the information security industry do to detect and stop these new threats.
The State Of Information and Cyber Security in 2016Shannon G., MBA
Shannon Glass, Practice Director from AfidenceIT talks about the State of Information and Cyber Security in 2016. She covers the importance of creating a culture of security awareness within an organization, threats to look out for on the landscape, and why you should care about protecting your data assets.
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...Black Duck by Synopsys
COSRI research director Chris Fearon makes the case that Equifax was either unaware of or slow to respond to reports of known critical vulnerabilities in their system, and as a result had not upgraded to safer versions. That opinion was later proven out by Congressional hearings into the breach, as Fred Bals relates in his blog on whether SAST and DAST fell down on the job for Equifax. Black Duck VP and General Counsel, Matt Jacobs partners with Irwin Mitchell’s Dan Headley to review what GDPR will mean for open source code. Is open source more dangerous than Windows? And Larry Ellison claims Oracle could have saved Equifax from much heartache in this week’s open source security and cybersecurity news wrap.
Top 12 Cybersecurity Predictions for 2017IBM Security
No industry is immune from a cyberattack. In fact, cyber experts are predicting that we may see a rise in attacks and a spread as industries previously on the fringe now face direct hits. The question is, “What’s in store for us in 2017?”
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
KnowBe4 helps you keep your network secure with Kevin Mitnick security awareness training. You are able to send simulated phishing attacks before and after the training. Created ‘by admins for admins’, a minimum of time is needed with visible proof the security awareness training works. Find out what your email attack footprint looks like and ask for our free Email Exposure Check.
Based on Kevin’s 30+ year unique first-hand hacking experience, you are now able to train employees with next-generation web-based training and testing, to quickly solve the increasingly urgent security problem of Social Engineering.
When money is the at the top of the mind of cybercriminals, where do they turn their heads to? The Banking Sector. With countless operations including Wealth Management, Trading, and Revenue Management, Investor Accounting, it is no light matter when we say that cybersecurity threats keep banks up at night. With data breaches rampantly hitting all types of organizations across the world, the banking sector, for obvious reasons, stays under a constant and increased pressure for safekeeping of their customer's data and more importantly, their money.
In 2015 alone, hackers stole the records of - 11 million people from Premiere Blue Cross- 10 million people from Excellus BlueCross BlueShield- 80 million people from Anthem. We review the challenges, trends and opportunity of the cyberspace wars. Presented to APICS Ventura on March 8, 2016 by Gerry Poe - CEO of Santa Clarita Consultants. http://www.scc-co.com
The Best Online Security Service for
CIM – Central Management
Log Monitoring
Intrusion Detection Systems
Firewall Monitoring System
Host based IDSs
Vulnerability Scanning
Evidence Retention
CIM Intelligence
A must to see for all,......!!!
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
In this keynote I’ll run through the past/present/future of the vulnerability disclosure, and give a run-through of disclose.io: an open-source and vendor-agnostic initiative to make conversations between builders and breakers safe, standardized, and simple. I’ll close with a Call To Action for all participants with simple ways to help and get involved.
Cybersecurity experts predict that cyber attacks will be twice as what happened in 2019. In 2021 it is predicted that a cyber attack will be reported every 11 seconds which is twice what it was in 2019 (every 19 seconds).
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
M-Trends® 2013: Attack the Security GapFireEye, Inc.
Mandiant’s annual threat report reveals evolving trends, case studies and best practices gained from Mandiant observations to targeted attacks in the last year. The report, compiled from hundreds of Mandiant advanced threat investigations, also includes approaches that organizations can take to improve the way they detect, respond to, and contain complex breaches. For the latest M-Trends report, https://www.fireeye.com/mtrends.
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
View on-demand presentation: http://securityintelligence.com/events/ibm-2015-cyber-security-intelligence-index/
The cyber threat landscape is increasing in complexity and frequency. Organizations that have historically not been the target of cyber attacks now make headline news with large data losses and compromised transactions. Organizations need a clear point of view on how to respond to these threats, and one that incorporates not only the relevant technology but also the organizational changes needed.
Nick Bradley, Practice Leader of the IBM Threat Research Group and the X-Force Threat Analysis Team, and Nick Coleman, Global Head Cyber Security Intelligence Services outline what organizations need to do now and in the future to stay ahead of the growing cyber security threat.
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Proofpoint
Insider threats come in all shapes and sizes and affect organizations across all industries and geographies. Understanding the motives behind them is key to defense.
One of the best ways to do this is to study some of the bold, headline-generating insider threats that have taken place recently, like the big Twitter debacle of July 2020. This is just one example of what has become a very common problem.
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur...Black Duck by Synopsys
Seldom a month goes by where the NVD entries don’t break 1,000, and March 2017 is no exception. The vulnerability of the week is CVE-2017-2636, a serious security flaw in Linux kernel that appears to have been around since 2009. More on that story follows.
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Black Duck by Synopsys
Some interesting topics in this week’s Open Source Insight, including news that Equifax knew about its security issues more than a year before the fact. We also look at the use of AI for open source management; the ticking time bomb that is IoT security; a preview of the Legal track at Black Duck FLIGHT 2017, and to round out the month, we offer a fun infographic in the spirit of Halloween.
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
KnowBe4 helps you keep your network secure with Kevin Mitnick security awareness training. You are able to send simulated phishing attacks before and after the training. Created ‘by admins for admins’, a minimum of time is needed with visible proof the security awareness training works. Find out what your email attack footprint looks like and ask for our free Email Exposure Check.
Based on Kevin’s 30+ year unique first-hand hacking experience, you are now able to train employees with next-generation web-based training and testing, to quickly solve the increasingly urgent security problem of Social Engineering.
When money is the at the top of the mind of cybercriminals, where do they turn their heads to? The Banking Sector. With countless operations including Wealth Management, Trading, and Revenue Management, Investor Accounting, it is no light matter when we say that cybersecurity threats keep banks up at night. With data breaches rampantly hitting all types of organizations across the world, the banking sector, for obvious reasons, stays under a constant and increased pressure for safekeeping of their customer's data and more importantly, their money.
In 2015 alone, hackers stole the records of - 11 million people from Premiere Blue Cross- 10 million people from Excellus BlueCross BlueShield- 80 million people from Anthem. We review the challenges, trends and opportunity of the cyberspace wars. Presented to APICS Ventura on March 8, 2016 by Gerry Poe - CEO of Santa Clarita Consultants. http://www.scc-co.com
The Best Online Security Service for
CIM – Central Management
Log Monitoring
Intrusion Detection Systems
Firewall Monitoring System
Host based IDSs
Vulnerability Scanning
Evidence Retention
CIM Intelligence
A must to see for all,......!!!
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
In this keynote I’ll run through the past/present/future of the vulnerability disclosure, and give a run-through of disclose.io: an open-source and vendor-agnostic initiative to make conversations between builders and breakers safe, standardized, and simple. I’ll close with a Call To Action for all participants with simple ways to help and get involved.
Cybersecurity experts predict that cyber attacks will be twice as what happened in 2019. In 2021 it is predicted that a cyber attack will be reported every 11 seconds which is twice what it was in 2019 (every 19 seconds).
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
M-Trends® 2013: Attack the Security GapFireEye, Inc.
Mandiant’s annual threat report reveals evolving trends, case studies and best practices gained from Mandiant observations to targeted attacks in the last year. The report, compiled from hundreds of Mandiant advanced threat investigations, also includes approaches that organizations can take to improve the way they detect, respond to, and contain complex breaches. For the latest M-Trends report, https://www.fireeye.com/mtrends.
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
View on-demand presentation: http://securityintelligence.com/events/ibm-2015-cyber-security-intelligence-index/
The cyber threat landscape is increasing in complexity and frequency. Organizations that have historically not been the target of cyber attacks now make headline news with large data losses and compromised transactions. Organizations need a clear point of view on how to respond to these threats, and one that incorporates not only the relevant technology but also the organizational changes needed.
Nick Bradley, Practice Leader of the IBM Threat Research Group and the X-Force Threat Analysis Team, and Nick Coleman, Global Head Cyber Security Intelligence Services outline what organizations need to do now and in the future to stay ahead of the growing cyber security threat.
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Proofpoint
Insider threats come in all shapes and sizes and affect organizations across all industries and geographies. Understanding the motives behind them is key to defense.
One of the best ways to do this is to study some of the bold, headline-generating insider threats that have taken place recently, like the big Twitter debacle of July 2020. This is just one example of what has become a very common problem.
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur...Black Duck by Synopsys
Seldom a month goes by where the NVD entries don’t break 1,000, and March 2017 is no exception. The vulnerability of the week is CVE-2017-2636, a serious security flaw in Linux kernel that appears to have been around since 2009. More on that story follows.
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Black Duck by Synopsys
Some interesting topics in this week’s Open Source Insight, including news that Equifax knew about its security issues more than a year before the fact. We also look at the use of AI for open source management; the ticking time bomb that is IoT security; a preview of the Legal track at Black Duck FLIGHT 2017, and to round out the month, we offer a fun infographic in the spirit of Halloween.
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Black Duck by Synopsys
We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And why it’s smart to assume that every application is an on-premise application.
The best of November’s application security and open security news (so far) follows in this week’s edition of Open Source Insight.
Open Source Insight:IoT Security, Tech Due Diligence, and Software Security ...Black Duck by Synopsys
A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin. Learn how open source tech due diligence helped one company close a deal securely. Should “Privacy Day” be renamed to “Lack of Privacy” day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing ScamBlack Duck by Synopsys
On Wednesday, a worm started spreading around Gmail that suggested to users a friend or colleague was trying to share a Google Doc. Google has already disabled the offending accounts (only 0.1 percent were affected), and that it was able to stop the worm within an hour. We should take this as a wake-up that we're all potentially vulnerable to attack.
This week’s open source and open source security news includes stories on the eternal “open source good / bad” debate; 5 reasons why enterprises should be using open source; news from Red Hat Summit; and what CISOs need to known about cybersecurity.
CVE Numbers from the NVD: 1590 entries for April 2017; 50 entries currently for the month of May; a total of 5,238 reports to date for 2017.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Open Source Insight: Black Duck Now Part of Synopsys, Tackling Container Secu...Black Duck by Synopsys
Black Duck is now a part of Synopsys, with the acquisition complete this week. Dr. Andreas Kuehlmann, General Manager of the Synopsys Software Integrity Group provides some background of how Synopsys and Black Duck joining forces will enhance the company’s efforts in the software security market by broadening our product offering and strengthening the Software Integrity Platform.
Tim Mackey, technical evangelist for Black Duck, tackles the tricky issue of container security. Mike Pittenger, vice president of security strategy for Black Duck, discusses open source security, the Equifax breach, OpenSSL and Heartbleed, and why a “software parts list” will become increasing important to organisations wanting to stay secure.
This week’s open source security and cybersecurity news follows in Open Source Insight.
Open Source Insight:Container Tech, Data Centre Security & 2018's Biggest Se...Black Duck by Synopsys
Black Duck senior technology evangelist Tim Mackey talks containers this week at DevSecCon and elaborates on his presentation, “When Good Containers Go Bad,” with IT Pro, Cloud Pro and Data Centre News. Black Duck VP of Security Strategy Mike Pittenger shares his thoughts on the biggest security threat we face in 2018. Artifex and Hancom settle their long-running open source licensing dispute, and the hidden costs of open source security.
Read all the hottest open source security and cybersecurity news in this week’s Open Source Insight.
Open Source Insight: Struts in VMware, Law Firm Cybersecurity, Hospital Data ...Black Duck by Synopsys
The need for cybersecurity vigilance is the overarching theme of this week’s news, as Google OSS-Fuzz finds more than 1,000 bugs, with 264 of them flagged as potential security bugs. The vuln that just keeps on strutting has impacted VMware products. Thousands of patient records are leaked in a New York Hospital data breach. More hospital data breaches may be imminent in the NHS Ransomware attacks announced today.
Open Source Insight:2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
We’re winding up 2017 with the leading security stories of the year, as well as what 2018 might bring in terms of open source and cybersecurity. Several Black Duck and Synopsys’ bloggers weigh in with articles ranging from the need of SCA (software composition analysis), through how developers can navigate the sometimes stormy seas of software security, to addressing the issues of open source in tech contracts.
From Black Duck Software and Synopsys, we wish you a happy holiday season and will see you again in 2018!
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Black Duck by Synopsys
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R...Black Duck by Synopsys
Many Black Duck-related news stories in this week’s edition of Open Source Insight, thanks to the release of our 2017 Open Source Security and Risk Analysis detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges.
Black Duck conducts hundreds of open source code audits annually, primarily related to merger and acquisition transactions. For the 2017 analysis, our Center for Open Source Research & Innovation (COSRI) analyzed over 1,000 applications and found both high levels of open source usage — 96% of the apps examined contained open source — and significant risk to open source security vulnerabilities — more than 60% of the apps contained open source security vulnerabilities. All security professionals concerned about vulnerabilities and license compliance will want to review the report, which can be downloaded from the Black Duck website.
Emphasizing the need to stay on top of software security vulnerabilities is the NVD CVE listing for the month of April 2017, which now exceeds 900 entries, including CVE-2016-4899, a high to critical flaw where the datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
On to this week’s top open source and open source security news…
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
Our vulnerability of the week is CVE-2017-9805, which resides in Apache Struts’ REST plugin, a must-have in almost all Struts enterprise deployments. Attackers can exploit the bug via HTTP requests or via any other socket connection, with a public exploit published on Thursday. Happily, on Monday the Apache Struts team released Apache Struts v2.5.13, which includes a fix for CVE-2017-9805. As always, the byword of the week is “patch and update.”
Also looming large in this week’s news is the massive cyber-break-in at Equifax, where highly sensitive personal and financial information for around 143 million U.S. consumers (the editor apparently being among those affected) was compromised.
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R...Black Duck by Synopsys
Open source insight into the Samba vulnerability, four risks in connected cars, and how the General Data Protection Regulation (GDPR) may impact you. Plus much more - read on.
Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cyber...Black Duck by Synopsys
A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank Unicredit; two Black Duck executives share their views on open source security in video interviews; and why the automotive industry many be close to an iPhone moment.
Open Source Insight: Black Duck Announces OpsSight for DevOps Open Source Sec...Black Duck by Synopsys
Continuing a month of major announcements, Black Duck launched its new product, OpsSight — comprehensive, automated open source container security for production environments — at its FLIGHT 2017 user conference in Boston this week. Targeting the production phase of the software development life cycle, the initial release of OpsSight is optimized for Red Hat’s OpenShift Container Platform.
If you missed FLIGHT 2017, you can read all the news about OpsSight below, as well as stories on FLIGHT keynoters Charlie Miller and Chris Valasek’s presentation on why IoT insecurity is here to stay; the top 5 cybersecurity mistakes you need to avoid; the SEC prepares new cybersecurity guidelines; and security for the connected car
Open Source Insight: Synopsys Moves into Open Source Security with Black Duck...Black Duck by Synopsys
Big news for Open Source Insight’s publisher as electronic design automation (EDA) and semiconductor IP company, Synopsys, announced its intention to acquire Black Duck Software to extend the firm's product offerings into open source security. This week’s newsletter includes an open letter from Black Duck CEO Lou Shipley on why the Synopsys/Black Duck deal makes sense for or both sides as well as for Black Duck customers, partners and employees.
In other open source security and cybersecurity news: Black Duck data scientist Nathan (Yiming) Zhang looks at the ongoing race between hackers and the NVD. Technology evangelist Tim Mackey explains why good containers (sometimes) go bad. Steven Zimmerman, shares insights from his recent visit to the Automotive Cybersecurity Summit. And a look into why the future of cybersecurity hangs on automation.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Black Duck by Synopsys
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Black Duck by Synopsys
Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included:
A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises.
For more information, please visit us at www.blackducksoftware.com
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...Black Duck by Synopsys
Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
Black Duck On-Demand-Audits von über 1.100
kommerziellen Anwendungen im Jahr 2017
verdeutlichen die ständigen Herausforderungen, vor
denen Unternehmen stehen, um Open Source effektiv
zu erkennen und zu sichern.
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...Black Duck by Synopsys
At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed, everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed and how some of the requirements therein may for instance conflict with the GNU General Public license. Furthermore, a quick outline of the influence of Brexit on licenses closed under UK law was given and how potential problems can be prevented.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your DealBlack Duck by Synopsys
Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group
Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.
Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Black Duck by Synopsys
A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
2018 is the Open Source Rookies report’s 10th anniversary, brought to you by Black Duck by Synopsys. This infographic shows the impressive number of projects started in 2017 and the distribution across the world and a wide range of categories. Narrowing them down was hard! The open source community continues to produce innovative and influential open source projects.
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Black Duck by Synopsys
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.
Read on for all the open source security and cybersecurity news you need to know this week.
Principal engineer at MITRE, Bob Martin, examines the potential security issues introduced by the Internet of Things and proactive measures you can take to address those issues.
Open Source Insight:Banking and Open Source, 2018 CISO Report, GDPR LoomingBlack Duck by Synopsys
Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.
All these cybersecurity stories and more in the January 19th edition of Open Source Insight.
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything”Black Duck by Synopsys
Welcome to 2018, with two major security flaws revealed that makes any computer device that has chips from Intel, AMD and ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”
In other cybersecurity news, we look at 10 open source technologies you need to know about, cybersecurity predictions for 2018, and an interesting white paper published by the University of Michigan on identifying cybersecurity threats in connected vehicles.
Black Duck and Tech Contracts Academy discussed the implications of open source software in tech contracts. The topic of open source has been at the forefront of the technology industry for many years, but as the use of open source in commercial applications explodes, so do concerns about addressing license and ownership issues in contract negotiations.
David Tollen is the founder of Tech Contracts Academy (www.TechContracts.com) and of Sycamore Legal P.C., in San Francisco. He’s the author of The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople. He will dive into these topics from the perspective of both buyers and sellers and aims to educate on Intellectual Property (IP) protection and other terms and how they should work during contract negotiations.
Shift Risk Left: Security Considerations When Migrating Apps to the CloudBlack Duck by Synopsys
In this session, we'll start with the basics of application security for an environment where development teams are able to push code into production at will. We quickly cover the basics and move on to the advanced topics of tests and models for long-term application security. We'll cover real-world Black Duck CI examples including keeping apps up-to-date in Pivotal Cloud Foundry environments, and end with tips for advocating for long-term security structures.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
1. Open Source Insight:
Security Breaches and Cryptocurrency Dominating News
Haidee LeClair | Digital Marketing Communication Manager
2. Cybersecurity News This Week
This week in Open Source Insight we examine blockchain security and
the cryptocurrency boom. Plus, take an in depth look at open source
software in tech contracts with a legal expert from Tech Contracts
Academy, Adobe Flash Player continues to be a security concern, the
Open Source Initiative turns 20, and step by step instructions for
migrating to Docker on Black Duck Hub. Cybersecurity and security
breach news also dominates this week, as Synopsys examines
security breaches in 2017 and how they were preventable.
Read on for more cybersecurity and open source security news.
3. • Blockchain Security and the Cryptocurrency Boom,
Part 1: Theory
• Open Source Software in Tech Contracts – 1. Intro
• Adobe Flash Player Zero-day Spotted in the Wild
• Open Source Initiative Turns 20
• Migrating to Docker on Black Duck Hub
• Enterprises Need a Software Security Program
Open Source News
4. More Open Source News
• New Reports Detail How Most 2017 Security Breaches
Were Easily Preventable
• Four Key Questions for Automotive Cybersecurity
• Equifax's Data Breach Sins Live on to This Year's Tax
Season
• Infographic: What do the 4 CISO tribes say about
software security in your firm?
• Tackling Security with Container Deployments
5. via Synopsys Software Integrity blog: For the
millions who have invested (or are considering
investing) in cryptocurrencies such as Bitcoin,
Litecoin, Ethereum, and the ever-growing list of alt-
coins, little has been mentioned about the software
and the infrastructure on which these
cryptocurrencies are based. With all early adoption
of technology, there is risk, so there’s a natural
inclination to question the security of blockchain and
the potential for cyber attack against it.
Blockchain Security and the Cryptocurrency
Boom, Part 1: Theory
6. Open Source Software in Tech
Contracts – 1. Intro
via Tech Contracts Academy: Contract drafters rarely
understand open source software (OSS). They see it as a threat,
so when they’re buying software, they try to exclude OSS from
their vendors’ products. In most cases, the concern is misplaced.
Software licensees may have good reason to worry
about copyleft software, which is one type of OSS. But other
open source software poses no real threat. Plus, even copyleft
should cause far less concern than it often does. And most
standard contracts already have IP terms that address copyleft
pretty well.
7. via Threatpost: According to the South Korean
Computer Emergency Response Team (KR-CERT),
the zero-day is believed to be a Flash SWF file
embedded in MS Word documents. Impacted is
Adobe’s most recent Flash Player 28.0.0.137 and
earlier... Adobe released a security advisory on
Thursday acknowledging the vulnerability and attacks.
Adobe Flash Player Zero-day
Spotted in the Wild
8. Open Source Initiative Turns 20
via ADT Mag: Also, as part of the celebration, the OSI is
launching OpenSource.Net, which will serve both as a community
of practice and a mentorship program. "The goal is to further
promote adoption of open source software over the next twenty
years as issues shift from open source's viability/value to issues
around implementation and authentic participation," the Web site
reads.
9. via Black Duck Blog (Charlie Klein): Before Black
Duck began leveraging Docker, customers utilized
the App Manager Install Method to deploy the Hub.
The Hub now deploys as a set of containers, so
customers need to install Docker to take advantage
of updates to the application. By the end of this
guide, you'll have a basic understanding of how to
migrate the Hub to a containerized environment, as
well as the benefits of using containers.
Migrating to Docker on Black Duck
Hub
10. Enterprises Need a Software
Security Program
via App Developer Magazine: The answer to the “why” enterprises
need a software security program question is pretty straightforward.
There are no circumstances under which any but the smallest firms
can expect a collection of independent activities - a pen test here, an
hour of training there, some free tools that may or may not work as
advertised - will consistently result in appropriately secure software.
11. via Synopsys Software Integrity blog: Whatever the
actual count, the trend is the same—a major increase
in breaches year after year. While that is offset a bit by
a bit of good news – the Ponemon Institute’s
finding that the average cost of a data breach incident
worldwide in 2017 declined to $3.62 million, or by 10%
from 2016, the United States bucked the trend, with a
5% increase to $7.35 million that put it at about double
the worldwide average.
New Reports Detail How Most 2017 Security
Breaches Were Easily Preventable
12. Four Key Questions for
Automotive Cybersecurity
via IoTNow Transport (Mike Pittenger): According to research
conducted by Black Duck’s Centre for Open Source
Research&Innovation, 23% of the code in the average automotive
application is open source. Open source enters in-vehicle applications
through a variety of paths. Automobile manufacturers rely on a wide
range of component and application suppliers, who build solutions with
open source components and extend open source platforms.
13. via The Hill: As you prepare your taxes this year, think
of Equifax. Why? If you were one of the 145 million
Americans who had their personal information breached
at Equifax last year, you could become a victim of tax
fraud.
After the breach, there were a flurry of articles advising
people to place credit freezes on their accounts and set
up fraud alerts at each of the credit bureaus. This is good
advice, but it does not prevent scammers from filing with
the IRS using your Social Security Number and
requesting fraudulent tax returns in your name. All you
can do to protect yourself from tax identity theft is file as
early as possible, so identity thieves don’t file before you
do.
Equifax's Data Breach Sins Live on to This Year's
Tax Season
14. Infographic: What do the 4 CISO tribes say about software security
in your firm?
via Synopsys Software Integrity blog: Where does software security
really fit into your firm? We recently decided to conduct a study to find
out. Gathering data in a series of in-person interviews with 25 chief
information security officers (CISOs), our aim was to understand their
strategies and approaches. The 2018 CISO Report presents the
research findings.
15. via Informatik Aktuell (Tim Mackey): Container
technologies are the next step in moving from
physical, single-use computing resources to
more efficient, multi-tenant virtual infrastructures
that can run in legacy IT environments and in the
cloud. Among other benefits, containers are
ideal for continuous integration and continuous
delivery environments designed to accelerate
development and further optimize the path
between development and production
environments.
Tackling Security with Container
Deployments
16. Subscribe
Stay up to date on open source security and cybersecurity –
subscribe to our blog today.