Open Source Insight:
IoT Security, Tech Due Diligence, and Software Security Training
Fred Bals | Senior Content Writer/Editor
Cybersecurity News This Week
A grab-bag of open source security and cybersecurity news is in this
week’s edition of Open Source Insight. Is “many eyeballs” not
enough? Some security researchers think Linus’ Law doesn’t work
anymore. Black Duck by Synopsys kicks off a new video series with
MITRE IoT expert, Bob Martin. Learn how open source tech due
diligence helped one company close a deal securely. Should “Privacy
Day” be renamed to “Lack of Privacy” day? Plus, an eye-catching
infographic on how too little software security training is putting many
companies at risk.
Open Source News
• Is the BSD OS dying? Some security researchers think so
• Duck Talks: 20 Billion Reasons for IoT Security
• What does DevOps do in 2018?
• When Good Containers Go Bad
• When Software is the Company, Tech Due Diligence is Critical
More Open Source News
• Connected Vehicles: Could Open Source Software Pose Cyber Security Risks?
• Privacy still an uphill climb on Data Privacy Day
• GDPR: Deadline looms but businesses still aren't ready
• The 6 Biggest Challenges Facing DevOps
• Infographic: A lack of software security training puts companies at risk
Is the BSD OS dying? Some security
researchers think so
via CSO: Too few eyeballs on code is a security
issue as vulnerabilities go unreported and
unpatched. Can FreeBSD, OpenBSD, and NetBSD
survive?
Duck Talks: 20 Billion Reasons for
IoT Security
via Black Duck blog (video): Bob Martin from MITRE is a
leading expert on Internet of Things security. His presentation “20
Billion Reasons for IoT Security” covered a range of topics
around IoT. He sat down with us at FLIGHT to discuss how we
should be thinking about IoT, what security concerns might
surface as these industries evolve, and how to manage the risks
appropriately.
What does DevOps do in 2018?
via InfoSecurity: Open source will continue to
drive healthy competition. The days when
companies were afraid of using open source
software are pretty much long gone now. Almost
every recent successful online business has
been built on top of freely available software.
When Good Containers Go Bad
via Sysbus (Germany): Data center operators face challenges in
terms of infrastructure complexity and application speed, while at
the same time addressing compliance with global governance
regulations, such as the General Data Protection Regulation
(GDPR).
When Software is the Company, Tech Due
Diligence is Critical
via Black Duck blog: The need to understand open
source risk in a recent acquisition was the driver for
the leading provider of patient medical financing
options, AccessOne, to reach out to Black Duck by
Synopsys for an open source code audit.
Connected Vehicles: Could Open Source
Software Pose Cyber Security Risks?
via Software Testing News: Vehicle manufacturers need to adopt
a cyber security approach that addresses not only obvious
exposures in their car’s software but also the hidden vulnerabilities
that could be introduced by open source components in that
software.
Privacy still an uphill climb on
Data Privacy Day
via Synopsys Software Integrity blog: You could make
a pretty solid case that a decade later, this year’s
observance, on Sunday, ought to be called Lack of
Privacy Day. That’s even with the looming
implementation in May of the General Data Protection
Regulation (GDPR) by the European Union — a move
toward privacy protections explained in detail by
Synopsys security consultant Stephen Gardner in a blog
post earlier this month.
GDPR: Deadline looms but businesses
still aren't ready
via ZDNet: The UK government is warning organisations that they
must prepare for new data protection laws now — or face the
consequences when they come into force.
The 6 Biggest Challenges Facing DevOps
via InformationWeek: The DevOps field now
embraces millions of software developers and
entrepreneurs who have adjusted their teams and
core philosophies to fall in line with the DevOps
vision. However, these guiding principles are still
evolving, and if you want to remain relevant and
agile in 2018, you’ll need to evolve with them.
Infographic: A lack of software security
training puts companies at risk
via Synopsys Software Integrity blog: An old proverb states that if
you give a man a fish, you feed him for a day; but, if you teach a man to
fish, you feed him for life. Software security training aligns very well with
this proverb. The majority of developers don’t come equipped with
security skills. In fact, 95% of software security bugs are caused by just
19 programming flaws. And yet, only 2.8% of undergraduate computer
science programs require a security course.
Subscribe
Stay up to date on open source security and cybersecurity –
subscribe to our blog today.