This document provides a summary of cybersecurity and open source news stories from March 2nd. It discusses the need to incorporate application security practices into the DevOps process. It also looks at deciding between open source and proprietary software based on factors like code transparency and vendor support. Additionally, it reports that one in eight open source components contain security flaws and explains why enterprises need a comprehensive software security program rather than isolated security activities. Finally, it provides answers to frequently asked questions about the GDPR regulation and notes unexpected places where GDPR-related data can be found.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious AIs & GDPR
By Fred Bals, Senior Content Strategist
Cybersecurity News This Week

Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program, while Black Duck Technology Evangelist Tim Mackey takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Open Source News Stories

• Why You Need to Build AppSec into Your DevOps Process
• How to Decide If Open Source or Proprietary Software Solutions Are Best for Your Business
• One in Eight Open Source Components Contain Flaws
• Why Do Enterprises Need a Software Security Program?
• The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation
• The Many Beating Hearts of UK Tech
• Tech Due Diligence: Helping PE Firms Invest with Confidence
• Amazon's Alexa Takes Open-Source Route to Beat Google Into Cars
• Here Are the Answers to the Most Frequently Asked Questions About GDPR
• 10 Unexpected Places You May Find GDPR-Related Data
Why You Need to Build AppSec into Your DevOps Process

via Black Duck blog: Application development thrives on the use of open source components, writes Black Duck Technology Evangelist Tim Mackey. Why? Quite simply, there are many benefits to using open source components, including the ability to leverage the skill sets and expertise of the open source community, take advantage of the efforts of larger development teams, and reduce costs. To use open source components safely and responsibly, organizations need visibility into which open source components they’re using, where those components originate, and an understanding of the associated security risk of each component.
How to Decide If Open Source or Proprietary Software Solutions Are Best for Your Business

via TechRepublic: One of the advantages of open source - transparent, customizable code which is accessible by anyone - can be turned into a disadvantage. If the code contains vulnerabilities which can be exploited, malicious individuals may be able to capitalize upon this. Without a proprietary vendor on the hook for releasing updates, fixes may be slower to arrive (though to be fair a strong developer community can develop solutions more readily as well).
One in Eight Open Source Components Contain Flaws

via InfoSecurity Magazine: The security problems associated with open source components are nothing new. A study from Synopsys last year revealed that half of the third-party components used in software applications are outdated and possibly insecure. Yet another report, this time from Black Duck’s Center for Open Source Research and Innovation last year, claimed that over 60% of all apps using open source components contain known software vulnerabilities.
Why Do Enterprises Need a Software Security Program?

via InfoSecurity Magazine: In today’s complex, technology-dependent enterprises, the answer to “Why?” is straightforward, writes Sammy Migues, Principal Scientist at Synopsys. Enterprises cannot expect a collection of independent activities—a pen test here, an hour of training there, some free tools that may not work as advertised—to consistently result in secure software.
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation

via University of Oxford: This report surveys the landscape of potential security threats from malicious uses of artificial intelligence technologies, and proposes ways to better forecast, prevent, and mitigate these threats.
The Many Beating Hearts of UK Tech

via UKTN: The Northern Irish capital is emerging as a growing cyber hub, as evidenced by a number of leading companies establishing a presence there in the last few years. In 2016 alone, three major US software firms – Black Duck, Rapid 7 and Alert Logic – came to the city, bringing with them more than 200 jobs.
Tech Due Diligence: Helping PE Firms Invest with Confidence

via Black Duck blog: In technology deals, one of the biggest areas of focus for PE firms before final acquisition is tech due diligence to help acquirers understand the intellectual property they’re buying. Savvy buyers will also put processes in place to maintain the value of the assets acquired and to ensure there are no issues with those assets when it’s time to divest.
Amazon's Alexa Takes Open-Source Route to Beat Google Into Cars

via Bloomberg Technology: Cars must use Automotive Grade Linux, an open-source platform being developed by Toyota Motor Corp. and other auto manufacturers and suppliers to underpin all software running in the vehicle. The only cars currently on the system are Toyota’s new Camry and Sienna and the Japanese version of the plug-in Prius, though the carmaker plans to expand that list. AGL has been growing too, reaching 114 members currently, up from around 90 a year earlier. Amazon signed on last month.
Here Are the Answers to the Most Frequently Asked Questions About GDPR

via Synopsys Software Integrity blog: GDPR will become fully enforceable throughout the EU on May 25, 2018.
10 Unexpected Places You May Find GDPR-Related Data

via CMSWire: GDPR is months away and yet even well-prepared companies are finding last-minute surprises as they race to the finish line. Part of the problem is that the regulation itself is so complex; another part is the surprising range of data that falls under the regulation.