On this Friday the 13th, the paraskevidekatriaphobia edition of Open Source Insight delves into scary software exploits like jeep hacking and data breaches. October is Cybersecurity Awareness Month, but how aware and cybersecure are the businesses holding our personal data? Black Duck joins forces with Google to clean up software supply chains. If it’s not one thing it’s two things for Equifax. Ten steps you need to take now to comply with GDPR. And Black Duck’s new Hub plugin to Visual Studio IDE.
2. Cybersecurity News This Week
3. Open Source News
• Jeep Hacking & the Security of Things: Flight 2017
• It’s Cybersecurity Awareness Month. Do You Feel More Cybersecure and Aware Yet?
• Google and Friends Open-Source Grafeas API to Clean up Software Supply Chains
• Black Duck & Google Grafeas: Improving Container Visibility & Security
• The Silver Lining on the Equifax Breach
4. More Open Source News
• Web APIs Are the New Open Source Software
• Equifax Takes Down Webpage After Report Of New Cybersecurity 'Situation'
• Cyber Security Is A Business Risk, Not Just An IT Problem
• 10 Steps Enterprises Need to Take to Comply with GDPR
• Be Agile & Decrease Costs with Black Duck’s Visual Studio IDE Plugin
5. Jeep Hacking & the Security of Things: Flight 2017
via Black Duck blog (Kiara White): In less than a month, FLIGHT 2017, Black Duck's user conference, will return to the Seaport Hotel and World Trade Center in Boston, Massachusetts. We're delighted to announce that notorious Jeep hackers Chris Valasek and Dr. Charlie Miller will take the stage as keynote speakers. They'll address the future of the security of things, and the challenges and opportunities we'll face as machine learning, autonomous vehicles, big data and the Internet of Things converge to build products and services.
6. It’s Cybersecurity Awareness Month. Do You
Feel More Cybersecure and Aware Yet?
via Future Tense: October is Cybersecurity Awareness Month.
Maybe the best one can do to raise awareness is to tell fellow
internet users to read the news.
7. Google and Friends Open-Source Grafeas API to Clean up Software Supply Chains
via Silicon Angle: The internet giant’s long list of friends includes JFrog Ltd., Red Hat Inc., IBM Corp., Black Duck Software Inc., Twistlock Ltd., Aqua Security Software Ltd. and CoreOS Inc. They’ve all joined forces to create a new application programming interface called Grafeas, which is an open source initiative to “define a uniform way for auditing and governing the modern software supply chain.”
8. Black Duck & Google Grafeas: Improving
Container Visibility & Security
via Black Duck blog (Sheryl Sage and Neal Goldman): Black Duck
has been working with Google on the development and testing of the
Grafeas API over the last year, and we are continuing to work with
Google to deliver on the vision of improving visibility into open source
vulnerabilities before they hit production environments. Because many
of our customers want to see the results of open source scans in the
consoles of their primary development and deployment tools, you’ll
continue to see improvements in Black Duck’s integrations with
Google Cloud Platform, including the Grafeas API and other new
Google platform features.
9. The Silver Lining on the Equifax Breach
via CSO: If we seize this moment to get people more engaged in understanding and acting upon information security and protection, it may turn out that the Equifax breach was a good thing after all.
10. Web APIs Are the New Open Source Software
via Black Duck blog (David Znidarsic |
Founder & President of Stairstep
Consulting): If you are relaxing because you
have your open source usage under control,
beware. There is another increasingly
common type of ungoverned third-party code
that your engineers are using in your
products: Web APIs.
11. Equifax Takes Down Webpage After Report Of New Cybersecurity 'Situation'
via NPR: On Thursday, Equifax explained that it had taken the page offline after Ars Technica, a website covering technology and other topics, pointed out a potential issue: fraudulent Adobe Flash updates.
12. Cyber Security Is A Business Risk,
Not Just An IT Problem
via Forbes: Gone are the days when companies could pass the
headaches of cyber security to the IT department, as it has become
more of a business issue too. This is especially important as
businesses are more digitized, meaning they are exposed to an
increasing number of threats if they do not manage the risk of security
properly.
13. 10 Steps Enterprises Need to Take to Comply with GDPR
via InformationWeek: If your organization doesn't have adequate data protection measures in place, including assigning a data protection officer, you could face steep fines next May.
14. Be Agile & Decrease Costs with Black Duck’s
Visual Studio IDE Plugin
via Black Duck blog (Evan Klein): Black Duck’s new Hub plugin to
Visual Studio IDE can scan your code as your team is developing it,
immediately alerting you to any components with potential security
risks. Think of it as a spell checker for open source components.
Black Duck will tell you if a component is vulnerable or violates any
open source use policies that you’ve set. More detailed information is
only a click away in Black Duck Hub, where you can quickly find safer
versions and select the one that works best for your needs. The
plugin is a simple and unobtrusive tool, giving you the ability to make
corrections as you develop without creating a new process that
disrupts your work.