Big news for Open Source Insight’s publisher as electronic design automation (EDA) and semiconductor IP company, Synopsys, announced its intention to acquire Black Duck Software to extend the firm's product offerings into open source security. This week’s newsletter includes an open letter from Black Duck CEO Lou Shipley on why the Synopsys/Black Duck deal makes sense for or both sides as well as for Black Duck customers, partners and employees. In other open source security and cybersecurity news: Black Duck data scientist Nathan (Yiming) Zhang looks at the ongoing race between hackers and the NVD. Technology evangelist Tim Mackey explains why good containers (sometimes) go bad. Steven Zimmerman, shares insights from his recent visit to the Automotive Cybersecurity Summit. And a look into why the future of cybersecurity hangs on automation.

1. Open Source Insight:
Synopsys Moves into Open Source Security with
Black Duck Acquisition
Fred Bals | Senior Content Writer/Editor

2. Cybersecurity News This Week
Big news for Open Source Insight’s publisher as electronic design automation
(EDA) and semiconductor IP company, Synopsys, announced its intention to
acquire Black Duck Software to extend the firm's product offerings into open
source security. This week’s newsletter includes an open letter from Black Duck
CEO Lou Shipley on why the Synopsys/Black Duck deal makes sense for or both
sides as well as for Black Duck customers, partners and employees.
In other open source security and cybersecurity news: Black Duck data scientist
Nathan (Yiming) Zhang looks at the ongoing race between hackers and the NVD.
Technology evangelist Tim Mackey explains why good containers (sometimes) go
bad. Steven Zimmerman, shares insights from his recent visit to the Automotive
Cybersecurity Summit. And a look into why the future of cybersecurity hangs on
automation.

3. • Synopsys to Enhance Software Integrity Platform
with Acquisition of Black Duck Software
• Saying "Yes" to Synopsys Right Move at Right
Time For Black Duck
• Black Duck's Open (Source) Truth: 'When Good
Containers Go Bad'
• How Retailers Must Increase Web Security Before
Holiday Shopping
Open Source News

4. More Open Source News
• 3 Takeaways from the Automotive Cybersecurity Summit
• SAVE Act Attempts to Bolster Election Security
• Open Source Cloud Storage Firm Finds Unsettling Number
of Unpatched Instances Online
• The Future of Cybersecurity Part II: The Need for
Automation
• The Race Is On: Do Hackers Publishing Exploits Beat NVD?

5. via Synopsys press release: Synopsys, Inc. (Nasdaq:
SNPS) and Black Duck Software, Inc. have signed a
definitive agreement for Synopsys to acquire privately held
Black Duck, a leader in automated solutions for securing and
managing open source software. The addition of Black
Duck's highly respected Software Composition Analysis
solution will enhance Synopsys' efforts in the software
security market by broadening its product offering and
expanding its customer reach.
Synopsys to Enhance Software Integrity Platform
with Acquisition of Black Duck Software

6. Saying "Yes" to Synopsys Right
Move at Right Time For Black Duck
via Black Duck blog (Lou Shipley): Saying “yes” is in the best
interests of our customers, who will have access to a wider array
of security solutions from a single trusted vendor; in the best
interests of our large and patient investors who funded Black Duck
in its earliest days more than a decade ago; and in the best
interests of our individual shareholders, the majority of whom are
employees.

7. via Computer Weekly: Black Duck Software
technology evangelist Tim Mackey explains why
you need to understand what information
attackers use to design their attacks when
defending against attack at scale.
Black Duck's Open (Source) Truth: 'When
Good Containers Go Bad'

8. How Retailers Must Increase Web
Security Before Holiday Shopping
via Security Boulevard: Criminals are expected to try and hijack
customer and employee accounts, break into online platforms through
code vulnerabilities and launch distributed denial-of-service attacks
against shopping websites.

9. via Black Duck blog (Steven
Zimmerman): And then I saw an autonomous
vehicle slowing to a stop at a traffic light, turn
signal blinking and LIDAR emitter twirling, with a
driver sipping coffee and eating a pastry behind
the wheel, and realized I was observing the
natural extension of the software-enabled trek I’d
just completed to the 2017 Automotive
Cybersecurity Summit.
3 Takeaways from the Automotive
Cybersecurity Summit

10. SAVE Act Attempts to Bolster Election Security
via Tech Target: Two senators introduced a bipartisan election
security bill called the SAVE Act, which aims to improve voting
infrastructure and harden state systems against attack.

11. via Data Center Knowledge: The open source file
sharing project scanned the web to find numerous
vulnerable and unpatched instances of its software on
critical websites.
Open Source Cloud Storage Firm Finds Unsettling
Number of Unpatched Instances Online

12. The Future of Cybersecurity Part II: The Need
for Automation
via CSO Online: Vendors are adding open source capabilities to their
tools to add much needed IT infrastructure flexibility. The more tools
and devices organizations add to their IT infrastructure, the more
unique an ecosystem becomes. That is why open source fits more
complex environments.

13. via Black Duck blog (Nathan (Yiming)
Zhang): Regardless how long it takes for NVD to
process a CVE after first disclosure in other
sources, there is a 76.19% chance that an exploit
will be publicly available days earlier.
The Race Is On: Do Hackers Publishing
Exploits Beat NVD?

14. Subscribe
Stay up to date on open source security and cybersecurity –
subscribe to our blog today.