Open Source Insight: Container Tech, Data Centre Security & 2018's Biggest Security Threat
Fred Bals | Senior Content Writer/Editor
Cybersecurity News This Week
Black Duck senior technology evangelist Tim Mackey talks containers this week at DevSecCon and elaborates on his presentation, “When Good Containers Go Bad,” with IT Pro, Cloud Pro and Data Centre News. Black Duck VP of Security Strategy Mike Pittenger shares his thoughts on the biggest security threat we face in 2018. Artifex and Hancom settle their long-running open source licensing dispute, and we look at the hidden costs of open source security.
Read all the hottest open source security and cybersecurity news in this week’s Open Source Insight.

Open Source News
• Q&A: How Do Good Containers Go Bad?
• Why Container Tech Is the Backbone of DevOps
• Data Centre Security: Proactive or Reactive?
• What Will Be the Single Biggest Security Threat of 2018?
• AWS integration of Black Duck Hub
• The Hidden Costs of Open Source Security Software

More Open Source News
• Artifex and Hancom Reach Settlement Over Ghostscript Open Source Dispute
• Cybersecurity Concerns Surround the Promise of Driverless Cars
• Finra: Firms Begin to Heed Cybersecurity, but Have Much to Do
• Assume Every Application is a Cloud Application
• Secure DevOps Takes Black Duck FLIGHT by Storm
• If GDPR Compliance Doesn't Start With Information Governance, You'll Probably Fail

Q&A: How Do Good Containers Go Bad?
via IDG: Tim Mackey, technical evangelist for open source security company Black Duck Software, spoke at London’s DevSecCon about “When Good Containers Go Bad”. In the following lightly edited Q&A we pick his brains on the subject.

Why Container Tech Is the Backbone of DevOps
via ITPro and CloudPro: Tim Mackey, a technical evangelist for Black Duck Software, also specialises in container solutions. His company's software helps firms locate, manage and secure open source code and he recently gave a talk at DevSecCon, where he spoke about what happens when good containers go bad. Mackey says companies need to ensure they have the right security in place if container technology is to be effective.

Data Centre Security: Proactive or Reactive?
via Data Centre News: Tim Mackey, technology evangelist at Black Duck Software, discusses potential risks and considerations when it comes to data center operations in a containerized environment.

What Will Be the Single Biggest Security Threat of 2018?
via IDG Connect: “The failure to properly manage and secure the open source components making up increasingly large portions of commercial and custom software will be one of the most significant cybersecurity threats to organisations in 2018,” says Mike Pittenger, VP Security Strategy at Black Duck Software.

AWS integration of Black Duck Hub
via Dev Insider: If you use PaaS services for development, creation and deployment processes, you want to spend as little time as possible on security. DevOps teams, who need to update their applications frequently and add new open source components as part of these processes, will now benefit from Black Duck Hub.

The Hidden Costs of Open Source Security Software
via Information Week: Open source software, such as the Linux OS, the WordPress CMS, and thousands of different cyber security tools, has exploded in popularity. Black Duck’s 2017 Open Source 360° survey found that 90% of organizations use open source software, and 60% of respondents reported that the use of their organization's open source software had increased over the previous year.

Artifex and Hancom Reach Settlement Over Ghostscript Open Source Dispute
via the Daily Telescope: While the parties had their differences in the interpretation of the open source license, the companies were able to reach an amicable resolution based on their mutual respect for and recognition of the copyright protection and the open source philosophy. Terms of the settlement remain confidential.

Cybersecurity Concerns Surround the Promise of Driverless Cars
via Upstate Business Journal: In many ways, the digital vehicle is here already. The more advanced cars on the road today employ about 100 million lines of computer code. That code directs more than 100 electronic control devices that run the car. Today’s automobiles are in a sense computers with seats and an engine.

Finra: Firms Begin to Heed Cybersecurity, but Have Much to Do
via Investment News: Adviser awareness about cybersecurity has increased substantially over the past two years, and most firms have either established or are in the process of establishing written policies and procedures for protecting investor information, the Financial Industry Regulatory Authority noted Wednesday in a report detailing findings from a recent self-examination.

Assume Every Application is a Cloud Application
via Black Duck blog (David Znidarsic | Founder & President of Stairstep Consulting): If prevention or knowledge of an application’s online access is important to you, you need to do a technical analysis of what is and what is not accessed; don’t rely on marketing materials and naïve categorizations. In the absence of such an analysis, assume every application you use is sending data to and receiving data from the Internet.

Secure DevOps Takes Black Duck FLIGHT by Storm
via Black Duck blog (Steven Zimmerman): Among the attendees were many making a push for secure DevOps, the industry’s hot new term for the interplay between agile application development and secure operations at scale, with unhindered information flow across groups. In order to achieve the “secure” part of secure DevOps, people are putting their best foot forward to manage open source vulnerabilities during development and in production.

If GDPR Compliance Doesn't Start With Information Governance, You'll Probably Fail
via Forbes: Satisfying Article 32’s requirements to secure processing (not to mention Article 5’s retention limitations on personal data and Article 17’s right to have personal data erased) requires a comprehensive understanding of what information assets exist, their value and location and who has access to them.