Black Duck and Google partner so that open source vulnerability management can be integrated directly with build and deployment activities in the cloud. Connected car news includes BMW adding to its connected car services; concerns about how code vulnerabilities might lead to driving dangers; and why auto OEMs need to pay more attention to cybersecurity, including open source security. Plus, the costs of GDPR compliance; a primer on CVEs; and HIPAA compliance for the software you build.
via CloudPro: Open source security vendor Black Duck has partnered up with Google to help the tech giant's customers benefit from Black Duck's automated security and productivity container tech, offering enhanced intelligence, visibility and control of risks.
via Black Duck blog (Evan Klein): What Security and DevOps teams desperately need is open source security that works in the cloud, is automated as part of your CI/CD pipeline, and finds open source security vulnerabilities and code quality issues earlier in the application development lifecycle. They need a solution that eases the transition to building and deploying in the cloud.
via CNet: BMW announced on Wednesday three separate technologies that it hopes will fuel the next generation of connected cars from BMW Group. Connected+ builds upon BMW's current connected-car services. BMW ID brings a new level of personalization to not just one, but all connected BMWs. Finally, there's integration with Microsoft Exchange and Skype.
via DarkReading: Building a Web application or API with open source components has direct parallels to building a car. Anyone using open source components must be aware that there will be vulnerabilities. And whether you’re building a car or software, your product is only as good as the components you use. Frankly, cars these days are basically software on wheels, but our software supply chain is full of holes.
via Automotive World: This blend of new and legacy components means that as the car becomes more connected, its vulnerability to digital attacks grows — and so does the potential damage one can cause.
via Black Duck blog (Fred Bals): Just as lean manufacturing and ISO-9000 practices brought greater agility and quality to the automotive industry, visibility and control over open source will be essential to maintaining the security of automotive software applications.
via DarkReading: When asked where privacy professionals need the most help, complying with data privacy requirements, and developing a GDPR plan topped the list at 39%, followed by addressing international data transfers (36%) and meeting regulatory reporting requirements (30%).
via Black Duck blog (Steven Zimmerman): Organizations have begun to address the need for regulatory and compliance standards by targeting FinTech security risks and technology-enabled financial services first, particularly those related to application vulnerabilities.
via CSO: The Common Vulnerabilities and Exposures (CVE) Program has been cataloging software and firmware vulnerabilities for 18 years. Here’s how it can help you secure your company’s network.
via Black Duck blog (Mike Pittenger): For software and device manufacturers attempting to comply with HIPAA and FDA guidelines, the answers aren’t always easy. Building secure applications and devices requires a new way of thinking about requirements. It also requires a new approach to identifying weaknesses in software and devices that could result in security issues.