This document summarizes cybersecurity news and predictions for 2018 from Black Duck and Synopsys. It discusses the top 10 IT security stories of 2017, including many large data breaches. It also discusses how open source software vulnerabilities are a growing challenge since 96% of applications contain open source code and 60% have high-risk vulnerabilities. Predictions for 2018 include continued growth in machine learning powered by open source frameworks and a focus on software composition analysis to address open source security issues.
Open Source Insight: Global Response to COSRI 2017 Open Source Security and R... – Black Duck by Synopsys
Many Black Duck-related news stories in this week’s edition of Open Source Insight, thanks to the release of our 2017 Open Source Security and Risk Analysis detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges.
Black Duck conducts hundreds of open source code audits annually, primarily related to merger and acquisition transactions. For the 2017 analysis, our Center for Open Source Research & Innovation (COSRI) analyzed over 1,000 applications and found both high levels of open source usage — 96% of the apps examined contained open source — and significant risk to open source security vulnerabilities — more than 60% of the apps contained open source security vulnerabilities. All security professionals concerned about vulnerabilities and license compliance will want to review the report, which can be downloaded from the Black Duck website.
Emphasizing the need to stay on top of software security vulnerabilities is the NVD CVE listing for the month of April 2017, which now exceeds 900 entries, including CVE-2016-4899, a high to critical flaw where the datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
On to this week’s top open source and open source security news…
With a record-breaking 1,300 respondents, the 2015 Future of Open Source Survey results highlight record levels of corporate participation in open source, as well as the greater impact OSS is having on technology and security. Yet, this year's results also reveal a reported lack of formal company policies and processes for consuming and managing open source and its associated legal, operational, and security risks.
Learn more at www.blackducksoftware.com/future-of-open-source
Open Source Insight: Open Source 360 Survey, DockerCon 2017, & More on the Cl... – Black Duck by Synopsys
In open source security and cybersecurity news: Take the opportunity to join the Open Source 360 Survey and help give the world a snapshot of the state of open source in usage, risk, contributions and governance/policies. The top four sessions you don’t want to miss at Dockercon 2017. Does the Cloudera IPO really argue against open source business? TechCrunch creates a new index to track the explosive growth of open source. Why creating an open source ecosystem doesn't mean you're taking on security risks. And building containerized ecosystems with Ansible Container.
2009 North Bridge Future of Open Source Study – North Bridge
2009 Future of Open Source study; presented at InfoWorld Open Source Business Conference Keynote Panel: Dries Buytaert, Founder & CTO, Acquia; Ron Hovsepian, CEO, Novell; John Lilly, CEO, Mozilla; Mårten Mickos, SVP, Sun Microsystems; John Roberts, CEO, SugarCRM. The panel was chaired by North Bridge. The study, collected from 435 respondents, brings to light a variety of significant issues and topics surrounding open source software, such as the impact of the economic recession, key market drivers, and predictions regarding the types of companies that will drive the next wave of commercial open source success.
Disruptive business models are maturing in large markets like Web Content Management and Social Publishing, making it an attractive investment area for the team at North Bridge. However, what the survey also shows is that much work remains to evangelize these benefits and establish a credible ecosystem to bring open source solutions to mainstream IT buyers.
You Can’t Live Without Open Source - Results from the Open Source 360 Survey – Black Duck by Synopsys
Today, open source drives technology and development, and its worldwide adoption ranges from companies with a single employee to large corporations like Microsoft and Apple. All of these organizations rely on open source to innovate, reduce development costs, and speed time to market. Recent research reports point out that open source comprises 80% to 90% of the code in a typical application. Our Open Source 360° survey provides an update on the rapid evolution of open source development, use and management.
The 2017 Open Source 360° survey was conducted through Black Duck’s Center for Open Source Research & Innovation (COSRI), focusing on four important areas of open source – usage, risk, contributions and governance/policies. Our respondents include input from new players, established leaders, and influencers across vertical markets and communities. This range of respondents drives broad industry awareness and discussions of these key issues.
2013 North Bridge Future of Open Source Study – North Bridge
2013 Future of Open Source Study; presented via Webinar with thought leaders from North Bridge, Acquia, Black Duck, Thomson-Reuters, Hortonworks, & Jeffrey Hammond, Forrester. The panel was chaired by North Bridge. The 2013 survey represents the insights of more than 800 respondents – the largest in the survey’s history – from both non-vendor and vendor communities. The study reveals that the cultural impact of open source software, and its influence on everything from innovation, to collaboration among competitors, to hiring practices, is revolutionizing the way organizations work and do business.
It's been recognized that software is eating the world. Our seventh annual Future of Open Source survey points to the fact that open source is eating the software world. This year's results signal a shift in reasons why open source is chosen over proprietary alternatives. Increasingly, enterprises see it as leading innovation, delivering higher quality and driving growth rather than being just a free or low-cost alternative. Going forward, as broader adoption creates a virtuous cycle of innovation and investment, we can expect more disruption from open source, new business models and many more exciting new projects and companies, according to the North Bridge Press Release.
Cloud adoption continued to rise in 2013, with 75 percent of those surveyed reporting the use of some sort of cloud platform – up from 67 percent last year. That growth is consistent with forecasts from GigaOM Research, which expects the total worldwide addressable market for cloud computing to reach $158.8B by 2014, an increase of 126.5 percent from 2011.
This year’s survey finds several important shifts in why and how cloud computing is being used, obstacles to adoption, where cloud decision-making resides within organizations, and how the vendor landscape is changing. It also serves as a barometer for the industry’s progression. Feedback from across the different categories of respondents was consistent, signaling a convergence of vendor and user needs. Further, the survey reveals that business is driving the revolution deriving clear benefits from cloud adoption in the form of continuous innovation and business agility to yield competitive advantage.
2011 North Bridge Future of Open Source Study – North Bridge
2011 Future of Open Source study; presented at InfoWorld Open Source Business Conference Keynote Panel: Tom Erickson, CEO, Acquia; Adrian Kunzle, Managing Director, Head of Firmwide Engineering & Architecture, JP Morgan; Mike Olson, CEO, Cloudera; Jim Whitehurst, President & CEO, RedHat. The panel was chaired by North Bridge. More than 450 respondents took part in the 2011 survey, including representatives from both the vendor and non-vendor communities. Respondents were asked about a wide range of issues impacting the open source software (OSS) landscape, including: economic impact on OSS, key drivers and barricades for OSS adoption, and suggestions for building and maintaining a profitable OSS business model.
For the first time, supporting the fact that open source has truly gone mainstream, end users accounted for 60 percent of the survey respondents and the quality of responses continues to increase, spreading across all levels of IT management from developers to a large number of C-level executives. Respondents have identified SaaS, cloud and mobile as the main areas that will have a dramatic impact on open source and that are driving growth.
The open source customers are now more focused on maturing technology issues, including improved operational excellence around areas such as support, product management, feature functionality and return on investment. This is in contrast to earlier years where the survey had pointed to things such as the legal implications of licensing and conforming to internal policies.
56 percent of respondents believe that more than half of software purchases made in the next five years will be open source.
95 percent of respondents noted that a turbulent economy continues to be “good” for OSS, though for the first year ever, lower cost has been overtaken by freedom from vendor lock-in as what makes OSS more attractive.
When asked about revenue generating strategies likely to create value for vendors, 56% of the respondents said that an annual, repeatable support and service agreement was the most likely.
Participation rates are 40% higher in auto-enrollment plans compared to non-auto-enrollment plans. View auto-solutions trends including auto-enrollment, default deferral rates and auto-increase.
2008 North Bridge Future of Open Source Study – North Bridge
2008 Future of Open Source study; presented at InfoWorld Open Source Business Conference Keynote Panel: Roger Burkhardt, President & CEO, Ingres; Marten Mickos, SVP, Sun Microsystems; John Roberts, Chairman & CEO, SugarCRM; Mark Shuttleworth, Founder, Ubuntu; Jeff Whatcott, VP Marketing, Acquia, Inc. The panel was chaired by North Bridge.
As presented via webinar.
The Open Source 360 survey is in its 11th year and surveyed over 800 IT professionals about their use of open source components and technologies. In prior years, this survey was known as the Future Of Open Source.
Key takeaways include:
- Open Source usage is growing within global organizations
- Organizations recognize risks of consumption exist
- Tooling to keep pace with risks is limited
- Contributions to project communities are key to success
A question of trust - understanding Open Source risks – Tim Mackey
As presented at the Bay Area Cyber Security Meetup on January 25th, 2018.
Open source development paradigms have become the norm for most software development. This is regardless of whether you're making the next great IoT device, a new container microservice, or a desktop application. While open source components are often viewed as free, and definitely help solve problems in a scalable way, using them in a secure manner requires an understanding of how open source development really works.
In this session, I covered how secure development practices with data center regulations can benefit from an understanding of open source development. Specifically, we looked at fork management, community engagement and patch management. We ended with an open source maturity model.
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe... – Dana Gardner
Transcript of a sponsored discussion on how improving both development speed and security comes with new levels of collaboration and communication across disparate teams.
The results of North Bridge Venture Partners 2010 Future of Open Source survey were released at the Computerworld Open Source Business Conference. Michael Skok led a panel discussion on the topic with Dries Buytaert from Acquia, Jim Whitehurst from Red Hat, Tim Yeaton from Black Duck Software and Larry Augustin from SugarCRM.
During a recent webinar, Kevin Nassery, Software Security Practice Lead at Synopsys Software Integrity Group spoke to attendees about using metrics to drive their software security initiative.
Intuition can take you quite far at the beginning of your application security journey. But even the most experienced leaders will eventually need data to guide them through a decision or justify their investments. Well-designed software security metrics provide that compass.
For more information, please visit our website at https://www.synopsys.com/BSIMM
Webinar kym-casey-bug bounty tipping point webcast - po edits – Casey Ellis
Our 2016 State of Bug Bounty Report announced that bug bounty programs adoption has increased 210% since 2013.
As more and more companies leverage the capabilities of the global researcher community to identify critical vulnerabilities, we must ask...has the bug bounty economy reached a tipping point?
Join Bugcrowd as we unpack the top trends in crowdsourced cybersecurity and review the key findings from The State of Bug Bounty Report 2016.
Webinar: https://www.brighttalk.com/webcast/14415/221275/the-bug-bounty-tipping-point-strength-in-numbers
This is a version of the presentation I created to apply for a job at Duo Security for a Product Marketing position. Feel free to use the ideas however you like.
Sameer Mitter | The impact of automation on the workforce – Sameer Mitter
This document by Sameer Mitter explains the impact of automation on the workforce. Sameer is an expert in Information Technology in London.
As 2016 is approaching, it's important to plan your marketing strategy for the year ahead. So what should marketers be aware of? Here is a list of 10 things you need to keep in mind in your social media marketing plan for 2016!
Today’s workers are more connected than ever—using multiple devices and applications to access and manage the constant stream of information that comes from living in an always-on world. But is hyper-connectedness helping employees be more productive or simply leaving them overwhelmed?
Research from Cornerstone OnDemand, conducted in collaboration with leading global insights firm Kelton, breaks down employees’ attitudes regarding technology in the workplace and their perspectives on whether company-provided applications are supporting how employees want to get their jobs done. The survey captures generation and industry-specific expectations across the board, with added insights on employees’ thoughts regarding collaboration and their willingness to use wearable technology in the workplace.
The survey reveals that the always-moving, always-on workplace is overwhelming employees — especially Millennials, the youngest of our workforce. Today’s workers are desperate to simplify the chaos, and employers can use these insights to facilitate the new world of work and close the gap between the types of technology organizations provide and what employees truly want in order to stay productive and perform at their very best.
The wearable trend is here and its impact will be broad and significant. From fitness, to wellness and beyond, wearable technology will be a major part of the internet of things movement.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious... – Black Duck by Synopsys
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Open Source Insight: Happy Birthday Open Source and Application Security for ... – Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
Participation rates are 40% higher in auto-enrollment plans compared to non-auto-enrollment plans. View auto-solutions trends including auto-enrollment, default deferral rates and auto-increase.
2008 North Bridge Future of Open Source StudyNorth Bridge
2008 Future of Open Source study; presented at InfoWorld Open Source Business Conference Keynote Panel: Roger Burkhardt, President & CEO, Ingres; Marten Mickos, SVP, Sun Microsystems; John Roberts, Chairman, CEO, SugarCRM; Mark Shuttleworth, Founder, Ubuntu Jeff Whatcott, VP Marketing, Acquia, Inc. The panel was chaired by North Bridge.
As presented via webinar.
The Open Source 360 survey is in its 11th year and surveyed over 800 IT professionals about their use of open source components and technologies. In prior years, this survey was known as the Future Of Open Source.
Key takeaways include:
- Open Source usage is growing within global organizations
- Organizations recognize risks of consumption exist
- Tooling to keep pace with risks is limited
- Contributions to project communities are key to success
A question of trust - understanding Open Source risksTim Mackey
As presented at the Bay Area Cyber Security Meetup on January 25th, 2018.
Open source development paradigms have become the norm for most software development. This is regardless of whether you're making the next great IoT device, a new container microservice, or desktop application. While open source components are often viewed as free, and definately help solve problems in a scalable way, using them in a secure manner requires an understanding of how open source development really works.
In this sesssion, I covered how secure development practices with data center regulations can benefit from an understanding of open source development. Specifically, we looked at fork management, community engagement and patch management. We ended with an open source maturity model.
Capgemini and HPE Team Up to Foster Behavioral Change That Brings Better Cybe...Dana Gardner
Transcript of a sponsored discussion on how improving both development speed and security comes with new levels of collaboration and communication across disparate teams.
The results of North Bridge Venture Partners 2010 Future of Open Source survey were released at the Computerworld Open Source Business Conference. Michael Skok led a panel discussion on the topic with Dries Buytaert from Acquia, Jim Whitehurst from Red Hat, Tim Yeaton from Black Duck Software and Larry Augustin from SugarCRM.
During a recent webinar, Kevin Nassery, Software Security Practice Lead at Synopsys Software Integrity Group spoke to attendees about using metrics to drive their software security initiative.
ntuition can take you quite far at the beginning of your application security journey. But even the most experienced leaders will eventually need data to guide them through a decision or justify their investments. Well-designed software security metrics provide that compass.
For more information, please visit our website at https://www.synopsys.com/BSIMM
Webinar kym-casey-bug bounty tipping point webcast - po editsCasey Ellis
Our 2016 State of Bug Bounty Report announced that bug bounty programs adoption has increased 210% since 2013.
As more and more companies leverage the capabilities of the global researcher community to identify critical vulnerabilities, we must ask...has the bug bounty economy reached a tipping point?
Join Bugcrowd as we unpack the top trends in crowdsourced cybersecurity and review the key findings from The State of Bug Bounty Report 2016.
Webinar: https://www.brighttalk.com/webcast/14415/221275/the-bug-bounty-tipping-point-strength-in-numbers
This is a version of the presentation I created to apply for a job at Duo Security for a Product Marketing position. Feel free to use the ideas whatever you like.
Sameer Mitter |The impact of automation on the workforceSameer Mitter
The impact of automation on the workforce process is to explain in this document by Sameer Mitter. Sameer is an expert in Information Technology in London.
As 2016 is approaching, it's important to plan your marketing strategy for the year ahead. So what should marketers be aware of? Here is a list of 10 things you need to keep in mind in your social media marketing plan for 2016!
Today’s workers are more connected than ever—using multiple devices and applications to access and manage the constant stream of information that comes from living in an always-on world. But is hyper-connectedness helping employees be more productive or simply leaving them overwhelmed?
Research from Cornerstone OnDemand, conducted in collaboration with leading global insights firm Kelton, breaks down employees’ attitudes regarding technology in the workplace and their perspectives on whether company-provided applications are supporting how employees want to get their jobs done. The survey captures generation and industry-specific expectations across the board, with added insights on employees’ thoughts regarding collaboration and their willingness to use wearable technology in the workplace.
The survey reveals that the always-moving, always-on workplace is overwhelming employees — especially Millennials, the youngest of our workforce. Today’s workers are desperate to simplify the chaos, and employers can use these insights to facilitate the new world of work and close the gap between the types of technology organizations provide and what employees truly want in order to stay productive and perform at their very best.
The wearable trend is here and its impact will be broad and significant. From fitness, to wellness and beyond, wearable technology will be a major part of the internet of things movement.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Black Duck by Synopsys
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Open Source Insight: Happy Birthday Open Source and Application Security for ... | Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Se... | Black Duck by Synopsys
Black Duck senior technology evangelist Tim Mackey talks containers this week at DevSecCon and elaborates on his presentation, “When Good Containers Go Bad,” with IT Pro, Cloud Pro and Data Centre News. Black Duck VP of Security Strategy Mike Pittenger shares his thoughts on the biggest security threat we face in 2018. Artifex and Hancom settle their long-running open source licensing dispute, and the hidden costs of open source security.
Read all the hottest open source security and cybersecurity news in this week’s Open Source Insight.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut... | Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Open Source Insight: Struts in VMware, Law Firm Cybersecurity, Hospital Data ... | Black Duck by Synopsys
The need for cybersecurity vigilance is the overarching theme of this week’s news, as Google OSS-Fuzz finds more than 1,000 bugs, with 264 of them flagged as potential security bugs. The vuln that just keeps on strutting has impacted VMware products. Thousands of patient records are leaked in a New York Hospital data breach. More hospital data breaches may be imminent in the NHS Ransomware attacks announced today.
Open Source has the potential to deliver faster development cycles and better security than traditional proprietary approaches to software. However, turning the potential of Open Source into reality can be difficult. Recent security issues like Heartbleed, Shellshock and the Panama Papers highlighted some of the challenges users of Open Source can face. This talk will explore how we can address them.
Open Source Insight: OWASP Top 10, Red Hat OpenShift News, & Gmail Phishing Scam | Black Duck by Synopsys
On Wednesday, a worm started spreading around Gmail that suggested to users that a friend or colleague was trying to share a Google Doc. Google has already disabled the offending accounts (only 0.1 percent of users were affected) and says it was able to stop the worm within an hour. We should take this as a wake-up call that we're all potentially vulnerable to attack.
This week’s open source and open source security news includes stories on the eternal “open source good / bad” debate; 5 reasons why enterprises should be using open source; news from Red Hat Summit; and what CISOs need to know about cybersecurity.
CVE Numbers from the NVD: 1590 entries for April 2017; 50 entries currently for the month of May; a total of 5,238 reports to date for 2017.
Open Source Insight: Samba Vulnerability, Connected Car Risks, and Are You R... | Black Duck by Synopsys
Open source insight into the Samba vulnerability, four risks in connected cars, and how the General Data Protection Regulation (GDPR) may impact you. Plus much more - read on.
Open Source Insight: Black Duck Announces OpsSight for DevOps Open Source Sec... | Black Duck by Synopsys
Continuing a month of major announcements, Black Duck launched its new product, OpsSight — comprehensive, automated open source container security for production environments — at its FLIGHT 2017 user conference in Boston this week. Targeting the production phase of the software development life cycle, the initial release of OpsSight is optimized for Red Hat’s OpenShift Container Platform.
If you missed FLIGHT 2017, you can read all the news about OpsSight below, as well as stories on FLIGHT keynoters Charlie Miller and Chris Valasek’s presentation on why IoT insecurity is here to stay; the top 5 cybersecurity mistakes you need to avoid; the SEC preparing new cybersecurity guidelines; and security for the connected car.
Open Source Insight: Drupageddon, Heartbleed Problems & Open Source 360 Surve... | Black Duck by Synopsys
Open source insight this week on CVE-2014-3704, aka “Drupageddon” and CVE-2014-0160, the everlasting Heartbleed, plus results of our Open Source 360 Survey.
Open Source Insight: Security Breaches and Cryptocurrency Dominating News | Black Duck by Synopsys
This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur... | Black Duck by Synopsys
Seldom a month goes by where the NVD entries don’t break 1,000, and March 2017 is no exception. The vulnerability of the week is CVE-2017-2636, a serious security flaw in the Linux kernel that appears to have been around since 2009. More on that story follows.
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So... | Black Duck by Synopsys
A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
Open Source Insight: IoT Security, Tech Due Diligence, and Software Security ... | Black Duck by Synopsys
A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin. Learn how open source tech due diligence helped one company close a deal securely. Should “Privacy Day” be renamed to “Lack of Privacy” day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G... | Black Duck by Synopsys
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security in your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for... | Black Duck by Synopsys
Some interesting topics in this week’s Open Source Insight, including news that Equifax knew about its security issues more than a year before the fact. We also look at the use of AI for open source management; the ticking time bomb that is IoT security; a preview of the Legal track at Black Duck FLIGHT 2017, and to round out the month, we offer a fun infographic in the spirit of Halloween.
Open Source Insight: Amazon Servers Exposed, Open Source & the Public Sector... | Black Duck by Synopsys
This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats?
Why do so many companies have problems keeping their software up to date? Are vulnerability tools up to snuff?
All this and more open source security and cybersecurity news…
Open Source Insight: Black Duck Now Part of Synopsys, Tackling Container Secu... | Black Duck by Synopsys
Black Duck is now a part of Synopsys, with the acquisition complete this week. Dr. Andreas Kuehlmann, General Manager of the Synopsys Software Integrity Group provides some background of how Synopsys and Black Duck joining forces will enhance the company’s efforts in the software security market by broadening our product offering and strengthening the Software Integrity Platform.
Tim Mackey, technical evangelist for Black Duck, tackles the tricky issue of container security. Mike Pittenger, vice president of security strategy for Black Duck, discusses open source security, the Equifax breach, OpenSSL and Heartbleed, and why a “software parts list” will become increasingly important to organisations wanting to stay secure.
This week’s open source security and cybersecurity news follows in Open Source Insight.
Similar to Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictions for 2018
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na... | Black Duck by Synopsys
Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included:
A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises.
For more information, please visit us at www.blackducksoftware.com
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen... | Black Duck by Synopsys
Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an... | Black Duck by Synopsys
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
Black Duck on-demand audits of more than 1,100 commercial applications in 2017 highlight the constant challenges organisations face in effectively identifying and securing open source.
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi... | Black Duck by Synopsys
At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed the everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed and how some of its requirements may, for instance, conflict with the GNU General Public License. Furthermore, a quick outline of the influence of Brexit on licenses closed under UK law was given, along with how potential problems can be prevented.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide | Black Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal | Black Duck by Synopsys
Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group
Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb... | Black Duck by Synopsys
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.
2018 is the Open Source Rookies report’s 10th anniversary, brought to you by Black Duck by Synopsys. This infographic shows the impressive number of projects started in 2017 and the distribution across the world and a wide range of categories. Narrowing them down was hard! The open source community continues to produce innovative and influential open source projects.
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f... | Black Duck by Synopsys
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as eBay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cybersecurity experts leading a discussion about IoT and embedded systems security threats and solutions.
Read on for all the open source security and cybersecurity news you need to know this week.
Principal engineer at MITRE, Bob Martin, examines the potential security issues introduced by the Internet of Things and proactive measures you can take to address those issues.
Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming | Black Duck by Synopsys
Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.
All these cybersecurity stories and more in the January 19th edition of Open Source Insight.
Open Source Insight: Balancing Agility and Open Source Security for DevOps | Black Duck by Synopsys
Lots of DevOps news this week, including why automation is critical for securing code, as well as balancing agility with security needs. Learn how to manage security in GitHub projects with CoPilot from Black Duck Software. Pre-GDPR, Carphone Warehouse gets hit with £400k fine over a 2015 hack. And why you should think like your attackers when developing your cybersecurity portfolio.
Read on for this week’s cybersecurity and open source security news in Open Source Insight!
Open Source Insight: Meltdown, Spectre Security Flaws “Impact Everything” | Black Duck by Synopsys
Welcome to 2018, with two major security flaws revealed that put any computing device with chips from Intel, AMD or ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”
In other cybersecurity news, we look at 10 open source technologies you need to know about, cybersecurity predictions for 2018, and an interesting white paper published by the University of Michigan on identifying cybersecurity threats in connected vehicles.
Black Duck and Tech Contracts Academy discussed the implications of open source software in tech contracts. The topic of open source has been at the forefront of the technology industry for many years, but as the use of open source in commercial applications explodes, so do concerns about addressing license and ownership issues in contract negotiations.
David Tollen is the founder of Tech Contracts Academy (www.TechContracts.com) and of Sycamore Legal P.C., in San Francisco. He’s the author of The Tech Contracts Handbook: Cloud Computing Agreements, Software Licenses, and Other IT Contracts for Lawyers and Businesspeople. He will dive into these topics from the perspective of both buyers and sellers and aims to educate on Intellectual Property (IP) protection and other terms and how they should work during contract negotiations.
Shift Risk Left: Security Considerations When Migrating Apps to the Cloud | Black Duck by Synopsys
In this session, we'll start with the basics of application security for an environment where development teams are able to push code into production at will. We quickly cover the basics and move on to the advanced topics of tests and models for long-term application security. We'll cover real-world Black Duck CI examples including keeping apps up-to-date in Pivotal Cloud Foundry environments, and end with tips for advocating for long-term security structures.
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictions for 2018
1. Open Source Insight:
2017 Top 10 IT Security Stories, Breaches, and Predictions for 2018
Fred Bals | Senior Content Writer/Editor
2. Cybersecurity News This Week
We’re winding up 2017 with the leading security stories of the year, as well as what 2018 might bring in terms of open source and cybersecurity. Several Black Duck and Synopsys bloggers weigh in with articles ranging from the need for SCA (software composition analysis), through how developers can navigate the sometimes stormy seas of software security, to addressing the issues of open source in tech contracts.
From Black Duck Software and Synopsys, we wish you a happy holiday season and will see you again in 2018!
3. Open Source News
• Top 10 IT Security Stories of 2017
• WHOIS The First Casualty Of GDPR?
• Synopsys: Going the Distance with Open Source Vulnerabilities
• Red Hat's Strong Results Fail to Impress Scrooge-ish Investors
• Top Security Breaches of 2017 (+2018 Cyber Security Predictions)
4. More Open Source News
• 2018 AI/ML Predictions (Part 2)
• Infographic: Set the Course for Developers to Navigate Software Security
• Web Services Security: Providers and Consumers of APIs
• How Do You Address the Complexity of Open Source in Tech Contracts?
• Container Adoption by the Numbers
5. Top 10 IT Security Stories of 2017
via Computer Weekly: Another new and growing security challenge facing organisations is security flaws in open source code that is incorporated into software used by the enterprise. An analysis of more than 1,000 applications by Black Duck’s Centre for Open Source Research and Innovation (COSRI) revealed that 96% of applications across all industry sectors contained open source and a large proportion were vulnerable to open source security issues. Overall, 60% of the applications audited contained high-risk vulnerabilities. The retail and e-commerce industry had the highest proportion of applications with high-risk open source vulnerabilities, with 83% of audited applications containing high-risk vulnerabilities.
6. WHOIS The First Casualty Of GDPR?
via Forbes: On May 25, 2018 the swarm will wash over us and it will be an unfortunate event for those organizations who did not get out in front of the issues that this works to resolve. To recap from my earlier article about this, GDPR is a concerted effort to bring all of the privacy regulations in Europe under a single standard bearer.
7. Synopsys: Going the Distance with Open Source Vulnerabilities
via Computer Weekly (Jim Ivers): With an SCA tool, you would be able to quickly scan the information repository and know where vulnerabilities were used, and additional information about the version. Furthermore, anyone who tried to use the offending version of Apache Struts after the vulnerability was disclosed should get a warning about that vulnerability from the SCA tool, so the problem is addressed before the code is deployed.
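The SCA workflow described above (scan the repository, find where an affected component version is used, and warn before deployment) in miniature, as an added example that is not Black Duck's, Synopsys' or Computer Weekly's code. It reads constructed dependency manifests in a simple `group:artifact:version` form, matches them against a constructed advisory list, and exposes a CI gate. The advisory identifier `ADVISORY-EXAMPLE-1`, the file paths and the affected version range are all made up for illustration; they are not the real Struts advisory data.

```python
"""Toy software composition analysis (SCA) check.

Added example, not Black Duck's or Synopsys' code. It reads dependency
manifests, matches each declared component against a constructed advisory
list, and reports which file pulls in an affected version so a build can be
stopped before deployment. Advisory ids and version ranges are invented.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # placeholder identifier, not a real CVE
    component: str     # "group:artifact"
    introduced: tuple  # first affected version (inclusive)
    fixed: tuple       # first fixed version (exclusive)


def parse_version(text):
    """Turn '2.3.31' into (2, 3, 31); non-numeric pieces compare as 0."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version, advisory):
    """True when introduced <= version < fixed (tuple comparison)."""
    v = parse_version(version)
    return advisory.introduced <= v < advisory.fixed


def parse_manifest(text):
    """Parse lines of the form group:artifact:version; '#' starts a comment."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        group, artifact, version = line.split(":")
        deps.append((f"{group}:{artifact}", version))
    return deps


def scan(manifests, advisories):
    """Return findings as (file, component, version, advisory_id) tuples."""
    findings = []
    for path, text in manifests.items():
        for component, version in parse_manifest(text):
            for adv in advisories:
                if adv.component == component and is_affected(version, adv):
                    findings.append((path, component, version, adv.advisory_id))
    return findings


def build_gate(findings):
    """CI gate: True when the build may proceed, False when it must stop."""
    return len(findings) == 0


# Constructed sample repository: one service still on an affected version,
# one already upgraded. Paths and versions are illustrative only.
SAMPLE_MANIFESTS = {
    "services/orders/deps.txt": (
        "org.apache.struts:struts2-core:2.3.31\n"
        "com.example:util:1.0.0\n"
    ),
    "services/billing/deps.txt": (
        "org.apache.struts:struts2-core:2.5.13  # upgraded\n"
    ),
}

# Constructed advisory: the affected range is made up for the example.
SAMPLE_ADVISORIES = [
    Advisory("ADVISORY-EXAMPLE-1", "org.apache.struts:struts2-core",
             introduced=(2, 3, 0), fixed=(2, 5, 0)),
]

if __name__ == "__main__":
    results = scan(SAMPLE_MANIFESTS, SAMPLE_ADVISORIES)
    for path, component, version, advisory_id in results:
        print(f"{path}: {component} {version} matches {advisory_id}")
    print("build may proceed:", build_gate(results))
```

Run as a script it lists the one manifest that still declares the affected version and reports that the gate is closed; wiring `build_gate` into a pipeline step is what turns the warning into the "before the code is deployed" check the passage describes. A real SCA tool also has to identify components that are not declared in any manifest (vendored code, transitive dependencies), which this deliberately simple matcher does not attempt.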
8. Red Hat's Strong Results Fail to Impress Scrooge-ish Investors
via SiliconANGLE News: “By any measure, the price drop wasn’t extreme and shareholders should be pleased by Red Hat’s more-than-solid performance.”
9. Top Security Breaches of 2017 (+2018 Cyber Security Predictions)
via Synopsys Software Integrity blog: The number of publicly disclosed vulnerabilities in 2017 far exceeds the number from any previous year. Below is a graph generated by the National Vulnerability Database that shows the number of publicly disclosed vulnerabilities by year…
10. 2018 AI/ML Predictions (Part 2)
via DZone: Patrick Carey, VP of Product Marketing, Black Duck Software
Machine learning use will increase exponentially, powered by open-source projects like Amazon DSSTNE (pronounced “Destiny”). “If you want your project to grow, making the code open-source will ensure its development,” says Amazon as it gives away DSSTNE, an open-source machine learning framework, developed initially to power its product recommendation systems. Because of frameworks like this being released as open-source, organizations will continually find more use for machine learning, from analyzing network traffic for malicious code and actors to improved diagnostics in medicine.
11. Infographic: Set the Course for Developers to Navigate Software Security
via Synopsys Software Integrity blog: Security is essential to software development, and security concerns have moved far beyond “check the box.” View this infographic to learn what developers need most in a software security tool.
12. Web Services Security: Providers and Consumers of APIs
via Black Duck blog: In my previous posts, I've highlighted the importance and challenges of web services. This time I want to focus on web services security. The primary challenge is that it’s difficult to control the flow of data that goes through APIs. For this reason, organizations need to have fixed policies around data provided through APIs. Organizations are adopting two basic data security solutions to effectively utilize the power of APIs without sacrificing security and privacy…
13. How Do You Address the Complexity of Open Source in Tech Contracts?
via Black Duck blog: Many of the code bases Black Duck audited this year comprised more than half open source. Combine that with the fact that most companies don’t track or manage it very well, and you have a concerning basis for a range of risks. Black Duck educational materials often connect the dots to the implications for software development and M&A due diligence, but open source risks are an issue worthy of attention in any contract negotiation involving software.
14. Container Adoption by the Numbers
via Black Duck blog: With a far smaller computing footprint, containers are simple and nimble—eliminating the need for IT Operations and DevOps teams to worry about underlying architecture when they deploy applications. As a result of their simplicity, 73% of companies who use containers indicate a more consistent deployment process. The most common sentiment towards containers in this survey indicated that they play a key role in organizations’ DevOps strategy, likely due to the ability to deploy consistently and with agility.
15. Subscribe
Stay up to date on open source security and cybersecurity – subscribe to our blog today.