Black Duck Teams with Google, Connected Cars, FinTech Compliance

Black Duck and Google partner so that open source vulnerability management can be integrated directly with build and deployment activities in the cloud. Connected car news includes BMW adding to its connected car services; concerns about how code vulnerabilities might lead to driving dangers; and why auto OEMs need to pay more attention to cybersecurity, including open source security. Plus, the costs of GDPR compliance; a primer on CVEs; and HIPAA compliance for the software you build.

Black Duck Partners with Google to Automate Security Compliance

via CloudPro: Open source security vendor Black Duck has partnered up with Google to help the tech giant's customers benefit from Black Duck's automated security and productivity container tech, offering enhanced intelligence, visibility and control of risks.

Black Duck and Google Help Teams Build Cloud Apps with Confidence

via Black Duck blog (Evan Klein): What Security and DevOps teams desperately need is open source security that works in the cloud, is automated as part of your CI/CD pipeline, and finds open source security vulnerabilities and code quality issues earlier in the application development lifecycle. They need a solution that eases the transition to building and deploying in the cloud. 

BMW Basically Wants You to Live and Work in Your Connected Car

via CNet: BMW announced on Wednesday three separate technologies that it hopes will fuel the next generation of connected cars from BMW Group. Connected+ builds upon BMW's current connected-car services. BMW ID brings a new level of personalization to not just one, but all connected BMWs. Finally, there's integration with Microsoft Exchange and Skype.

How Code Vulnerabilities Can Lead to Bad Accidents

via DarkReading: Building a Web application or API with open source components has direct parallels to building a car. Anyone using open source components must be aware that there will be vulnerabilities. And whether you’re building a car or software, your product is only as good as the components you use. Frankly, cars these days are basically software on wheels, but our software supply chain is full of holes.

OEMs Must Shift Gears in Their Approach to Cyber Security

via Automotive World: This blend of new and legacy components means that as the car becomes more connected, its vulnerability to digital attacks grows — and so does the potential damage one can cause.

Safety, Security & Open Source in the Automotive Industry

via Black Duck blog (Fred Bals): Just as lean manufacturing and ISO-9000 practices brought greater agility and quality to the automotive industry, visibility and control over open source will be essential to maintaining the security of automotive software applications.

Managing and Securing Open Source in the Automotive Industry

The High Costs of GDPR Compliance

via DarkReading: When asked where privacy professionals need the most help, complying with data privacy requirements, and developing a GDPR plan topped the list at 39%, followed by addressing international data transfers (36%) and meeting regulatory reporting requirements (30%).

FinTech Compliance is Evolving to Safeguard Your Information

via Black Duck blog (Steven Zimmerman): Organizations have begun to address the need for regulatory and compliance standards by targeting FinTech security risks and technology-enabled financial services first, particularly those related to application vulnerabilities.

What Is the CVE and How Does It Work?

via CSO: The Common Vulnerabilities and Exposures (CVE) Program has been cataloging software and firmware vulnerabilities for 18 years. Here’s how it can help you secure your company’s network. 

HIPAA Compliance for the Software You Build

via Black Duck blog (Mike Pittenger): For software and device manufacturers attempting to comply with HIPAA and FDA guidelines, the answers aren’t always easy. Building secure applications and devices requires a new way of thinking about requirements. It also requires a new approach to identifying weaknesses in software and devices that could result in security issues. 
