This document outlines key updates in open source security and application testing, highlighting that Synopsys remains a leader in the 2018 Gartner Magic Quadrant while GitHub reports 4 million flaws in public code. It also recognizes the best open source projects of 2018 and discusses the challenges and benefits of incorporating open source in various industries, including automotive and elections. The importance of community engagement and innovation among open source projects is emphasized throughout.

1. Open Source Insight:
GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018
Open Source Rookies
By Fred Bals, Senior Content Strategist

2. Cybersecurity News This Week
A big news week for Synopsys and Black Duck as Gartner
releases the 2018 Gartner Magic Quadrant for Application
Security Testing and the 2018 Open Source Rookies of the
Year are announced. More on these stories and the hottest open
source security and cybersecurity news in this week’s Open
Source Insight!

3. • Synopsys maintains leadership position in the 2018
Gartner Magic Quadrant for Application Security
Testing
• GitHub inspection discovers 4 million flaws In
public code
• The best open source rookies of 2018
• Synopsys reveals its open-source rookies of the
year
• What and who are the Open Source Rookies of the
Year?
Open Source News Stories

4. • What it takes to be an Open Source Rookie
• With much of the Data Center stack open
source, security is a special challenge
• Safety first: the auto industry looks to open
source to uncover new sources of revenue
• Weighing the pros and cons of open sourcing
election software
Open Source News Stories

5. Synopsys maintains leadership position in the 2018 Gartner
Magic Quadrant for Application Security Testing
via Synopsys Software Integrity blog: I’m proud to report that the
2018 Gartner Magic Quadrant for Application Security Testing has
positioned Synopsys as a leader for the second consecutive year. This
designation clearly illustrates our growing vision and ability to execute
on our solutions. For more information, download your copy of
the 2018 Gartner Magic Quadrant for Application Security Testing.

6. GitHub inspection discovers 4 million
flaws In public code
via Silicon UK: “In general, we support initiatives like GitHub’s Security Alerts
as they aim to help open source project teams produce more secure code,”
explained Tim Mackey, technology evangelist at open source code security
experts Black Duck by Synopsys. “Open source is pervasive and it plays an
increasingly critical role in the software ecosystem, so any measures that
bolster open source security should be applauded,” he added. It should be
noted that Black Duck by Synopsys does provide a similar free service for
open source project teams called CoPilot.

7. The best open source rookies of 2018
via Infoworld: Over the last decade, Black Duck by Synopsys has
recognized some of the most innovative and influential open source
projects launched each year. This recognition is a tribute to the
success and momentum of these projects, and affirmation of their
prospects going forward. We’ve seen honorees like Kubernetes
(2014), Docker (2013), Ansible (2012), Bootstrap (2011), NuGet
(2011), and OpenStack (2010) evolve to become some of the most
influential open source projects in the market. We expect this year’s
rookies to be no exception.

8. Synopsys reveals its open-source
rookies of the year
via SD Times: Synopsys is continuing on with Black Duck’s tradition
of naming Open Source Rookies of the Year. The decade-long
tradition was established by Black Duck and designed to recognized
the latest and greatest open-source projects. Synopsys announced it
had acquired Black Duck Software in December of last year. The
Open Source Rookies represent the top open source projects that
were initiated in 2017. The projects cover a range of different areas
including autonomous driving, scalable blockchain, and virtual
network functions orchestrations, personal security, and relationship
management.

9. What and who are the Open Source
Rookies of the Year?
via Synopsys Software Integrity blog: At Black
Duck by Synopsys, we work with the community
and organizations to understand how the open
source community is thinking about technology and
the future. As part of that process, we view our
connection to the open source community as a key
component to understanding both where the
development community is and where the open
source community is moving next.

10. What it takes to be an
Open Source Rookie
via Black Duck blog: 2018 is the Rookies report’s
10th anniversary, and this year’s honorees
exemplify the core tenets of open source. They
push the boundaries of technological innovation,
build on the contributions of projects before them,
lay the foundation for projects that succeed them
to innovate, and engage the community for
material contributions to—and strategic guidance
on—the projects themselves.

11. via Data Center Knowledge: Even commercial
software is not immune to the open source trend.
According to Synopsys-owned Black Duck Software,
which tracks open source code, open source
components are now present in 96 percent of
commercial applications. Open source components
make development faster and cheaper for both
commercial software shops and in-house teams. "All
of these things lead to a stack of open source," said
Tim Mackey, senior technical evangelist for Black
Duck. But there's a downside to the spread of open
source code, and that downside is patch management.
With much of the Data Center stack open
source, security is a special challenge

12. via Linux Foundation: Banking, Commerce, Media, Agriculture,
Energy and other massive industry sectors are wholly dependent on
the widespread use of open source software to function. Of course,
each industry is different and faces its own set of unique challenges
and requirements. In particular, the automotive industry is rightfully
cautious about all software, not just open source. However, the
industry has come to trust proven platforms that have shown results
over time, rather than novel capabilities.
Safety first: the auto industry looks to open source to
uncover new sources of revenue

13. via Black Duck blog: Open source voting applications
are already playing a role in elections in New
Hampshire. San Francisco, Los Angeles, and Travis
County, Texas are allocating funds to move toward
open source voting systems as well. If the FEC does
replace proprietary software with open source, it
should consider automated security tools in addition to
the open source community to provide a more
complete application security picture.
Weighing the pros and cons of open
sourcing election software