We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year. Open Source Insight is your weekly news resource for open source security and cybersecurity news!

1. Open Source Insight:
Who Owns Linux? TRITON Attack, App Security
Testing, Future of GDPR
By Fred Bals, Senior Content Strategist

2. Cybersecurity News This Week
We look at the three reasons you must attend the FLIGHT Amsterdam
conference; how to build outstanding projects in the open source
community; and why isn’t every app being security tested? Plus, in-
depth into the TRITON attack; why 2018 is the year of open source; how
open source is driving both IoT and AI and a webinar on the 2018 Open
Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source
security and cybersecurity news!

3. • Interview with Art Dahnert, Synopsys
• Building standout projects with the open source
community
• Why do the vast majority of applications still not
undergo security testing?
• Innovation may be outpacing security in cars
• Open source projects that break boundaries
• TRITON attack: A failure this time, but still ominous
Open Source News Stories

4. • GitLab: 2018 is the year for open source and DevOps
• The future of GDPR: Compliance beyond the deadline
• Cybercriminals spotted hiding cryptocurrency mining
malware in forked projects on GitHub
• How open-source software drives IoT and AI
• Who owns Linux?
• 3 secret reasons you must join us at FLIGHT Amsterdam
Open Source News Stories

5. Interview with Art Dahnert, Synopsys
via Automobil Elektonik: Video - Art Dahnert, Managing Consultant
at Synopsys, talks about the security of open source software and
how Black Duck software helps.

6. Building standout projects with the open
source community
via Black Duck blog: Developing an open source project can seem daunting
at times. Finding time to dedicate to a project can be difficult, and when it finds
success, reported issues and proposed changes to review can seem endless.
Selecting open source libraries to use is no easier — you must make a choice
between multiple options, and short of reviewing the library’s entire codebase,
how can you make such a selection (and know you made the right one)? The
open source community has answers to these problems by automating many
common-sense checks into contributing and providing ways to show
summaries of those results to prospective users.

7. Why do the vast majority of applications still not
undergo security testing?
via Security Week: With the growing use of open source, the
amount of code from external sources in any application is rising
exponentially. This open source code may contain profound
vulnerabilities that immediately become part of your software.
Software composition analysis (SCA) detects open source and third-
party component risks in development and production. It also
identifies potential licensing issues in open source code used in your
applications.

8. Innovation may be outpacing security in cars
via eeNews: Open source use is pervasive across every industry
vertical, including the automotive industry. A study conducted in early
2017 by Black Duck’s Center for Open Source Research and
Innovation (COSRI) examining findings from the anonymised data of
more than 1,000 commercial applications found open source
components in 96% of the applications scanned. On average, open
source comprised 36% of the code base in these applications.

9. Open source projects that break
boundaries
via Black Duck: In this webinar on March 22nd,
we'll explore the origins and evolution of this year's
most outstanding Open Source Rookies, who are
investing their efforts in everything from
Autonomous Driving, through Scalable Blockchain,
and VNF Orchestration, to Personal Security and
Relationship Management.

10. TRITON attack: A failure this time,
but still ominous
via Synopsys Software Integrity blog: Yet
another cyber-attack on a critical infrastructure
installation ought to send yet another warning to
operators of industrial control systems (ICS) that it
is long past time to, as they say, harden their
defenses.

11. via SD Times: DevOps and open source aren’t
slowing down anytime soon, a newly released report
revealed. GitLab released its 2018 Global Developer
Survey on developers’ perception of their workplace,
workflow, and tooling within IT organizations.
GitLab: 2018 is the year for open source
and DevOps

12. via Silicon Republic: With a little more than two months until the
enforcement date rolls around, many entities are looking at the
compliance deadline as just that: a deadline. But that is really only the
beginning for GDPR.
The future of GDPR: Compliance beyond
the deadline

13. via ZDNet: Those behind the campaign are tailoring
the Monero cryptojacking malware to use a limited
amount of CPU power in order to evade infections
being detected.
Cybercriminals spotted hiding
cryptocurrency mining malware in
forked projects on GitHub

14. via DZone: One of the most promising emerging developments is the
intersection of the IoT and AI. Expect more of this as open source
continues to speed development in these exciting technologies.
How open-source software drives IoT and AI

15. via Black Duck blog: In October 2017, the
plaintiff Patrick McHardy (see the previous
post) had been successful in obtaining a very
broad preliminary injunction covering the entire
Linux kernel against Geniatech, the producer
of the EyeTV product line.
Who owns Linux?

16. via Synopsys Software Integrity blog: Synopsys executives are
excited about joining FLIGHT Amsterdam. Not only will our leadership
team be on hand to meet with you and discuss Black Duck Hub
features and product roadmaps, but there will be a session
introducing how Black Duck fits into the ecosystem of Synopsys and
all the cool things coming as the companies join forces.
3 secret reasons you must join us at
FLIGHT Amsterdam