This week we have news on the upcoming Red Hat Summit, an updated OWASP Top 10, technical due diligence, World IP Day and more. We continue to see coverage of our 2017 Open Source Security and Risk Analysis, outlining risks related to not maintaining open source components and license compliance.
Open Source Insight: Red Hat Summit, World IP Day, and the new OWASP Top 10
By Haidee LeClair, Content & Social Media Manager
This Week’s Key Takeaways

Open Source Security & Risk Analysis
As a follow-up to our full security and risk analysis, we also released our OSSRA infographic, which provides a high-level overview of the report. Our Center for Open Source Research & Innovation (COSRI) anonymized and analyzed over 1000 audits, revealing a surprising gap in open source management.
Next week we'll be hanging out in Boston at the Red Hat Summit and taking a close look at OpenShift. Join Tim Mackey (Technology Evangelist at Black Duck) on Thursday, May 4th at 11:30 am to discuss “Integrated security in CI/CD with Red Hat OpenShift” with Justin Goldsmith (Consulting Architect, Red Hat) and Brent Baude (Principal Software Engineer at Red Hat). Learn more about this session here.
Join Black Duck at the Red Hat Summit 2017
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Dark Reading published commentary by Jeff Williams, CTO of Contrast Security, who said "It's time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks."
The OWASP Top 10 is a great resource for anyone pursuing application security. We'll be taking a look at the new list soon. Of particular relevance to developers using open source: using components with known vulnerabilities remains on the list as A9.
Phil Odence, Vice President & General Manager, takes a look at the Open Source Security and Risk Analysis from the Mergers & Acquisitions perspective, particularly for anyone involved in technical due diligence. Phil says, "The theoretical risks associated with open source are clear: most companies use a lot of open source but don’t sufficiently track which components are in their code, leaving their applications susceptible to license, security, or operational problems. This report goes beyond the theoretical with hard data revealing issues discovered in real software."
New Research Reveals Wisdom of Due Diligence
5 More Open Source Companies to Watch in 2017
Given the recent news about the Cloudera IPO, here's an introduction to five startups focused on enterprise IT and built on open source foundations. Get to know them in this Network World article.
We asked Hal Hearst, Principal Product Manager, to discuss the new architecture coming to the Black Duck Hub and why that's important to our customers. Hal said, "With the new architecture, the Hub is now available to be run as a set of Docker containers for the various components in the application. Rather than using our own custom orchestration method (which we called “appMgr”), the Hub will now leverage Docker-based mechanisms." Learn more in his blog post.
Black Duck Hub - Dockerized App
Open Source Security Risks Persist in Commercial Software [Infographic]
CSO published an article that provides a great framework for our OSSRA Infographic. "The use of open source occurs in all industries by organizations of all sizes for good reason. It lowers development costs, speeds time to market, and accelerates innovation. Black Duck’s On-Demand audits found that on average, open source comprised 36 percent of the code base in the scanned applications."
Happy World IP Day
We had a lot of fun creating a video to celebrate World IP Day. We're happy that our work helps our customers protect the intellectual property of the creators. The World Intellectual Property Organization (WIPO) created the day 17 years ago to promote and protect creative ideas, including music, art, trademarks, writings and inventions.
Intellectual Property Watch reported an initiative by OpenSourceSeeds to offer open source-licensed seeds to strengthen "copyleft" for new plant varieties. Not our usual type of story, but an interesting look at how open source licenses can impact plant varieties.
"To make seeds open source was a necessary answer to the increasing market concentration and resulting reduction in genetic diversity in plant varieties. The lack of varieties and spread of uniform cropping systems over large areas present a risk for global food and nutrition security, according to the OpenSourceSeeds initiative."
New Open Source License For Seeds
Subscribe
Stay up to date on open source security and cybersecurity – subscribe to our blog today.