A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank UniCredit; two Black Duck executives sharing their views on open source security in video interviews; and why the automotive industry may be close to an iPhone moment.
At the same time, the cost of mitigation has soared, with the average breach costing $355 per stolen record for health care organizations.
via ITProPortal: A major driver of the technological revolution in medical devices is software, and that software is built on a core of open source. Black Duck’s 2017 Open Source Security and Risk Analysis (OSSRA) research found that the average commercial application included almost 150 discrete open source components, and that 67 per cent of the over 1000 commercial applications scanned included vulnerable open source components. The analysis made evident that the use of open source components in commercial applications is pervasive across every industry vertical, including the healthcare industry.
via The Register: Italian bank UniCredit admitted on Wednesday that a series of breaches, undetected for nearly a year, exposed the personal data of 400,000 loan applicants. Milan-based UniCredit said that it had closed the breach and informed authorities while embarking on a security audit that will likely tap into at least some of the €2.3bn budget previously allocated towards upgrading and strengthening its IT systems.
via WinFuture (Germany): Banks do not seem to be particularly well placed for data security in banking apps. In a recent test carried out by the US consumer protection organization OTA, which looked at around a thousand websites of various financial services providers, the banks failed to perform well. According to an open source security and risk analysis (OSSRA) 2017 by Black Duck, an average of 52 open source vulnerabilities could be detected in banking applications.
via Symphony Foundation: Recent research from Black Duck’s Center for Open Source Research and Innovation (COSRI) shows that between 80 percent and 90 percent of the code in today’s apps is open source. While the audit confirms universal use, it also reveals the ineffectiveness in addressing risks related to open source security vulnerabilities and license compliance challenges.
“This is precisely where our Foundation provides value - by offering a secure and IP compliant, open source developer experience and software supply chain, while maintaining the high productivity typical of modern, open source communities and workflows,” said Peter Monks, VP of technology, Symphony Software Foundation. “After adding OpenShift support, we plan to continue investing in our Open Development Platform (our open source development reference-model), to provide our community with a shared, secure and compliant tool chain that can power open source collaboration.”
via Security Guy TV: Black Duck VP of Security Strategy Mike Pittenger talks open source security, IoT and more with Security Guy TV from the Black Hat 2017 show floor.
According to the Identity Theft Resource Center, the number of U.S. data breaches so far this year hit a half-year record of 791, which is 29 percent higher than at this time last year.
Amid those figures, experts seem to have a bleak view of the state of information security. A survey of the top leaders at the Black Hat conference found 60 percent believe a successful cyberattack on U.S. critical infrastructure will likely occur in the next two years.
via CRNtv: CRNtv spoke with Black Duck CMO Bob Canaway about the company's recent collaboration with Pivotal Cloud Foundry. Black Duck is now a tile – a fully integrated installation package – on the Pivotal Network, enabling the company to secure and manage open source code for enterprise customers.
via Black Duck blog (Rob Hawkins): We are rapidly approaching the "iPhone moment" for the automotive industry. The vehicle will be the next mobile application platform, and those applications are going to be built on a foundation of open source components. If the explosion in mobile application development that has taken place in the last decade is any indicator, we are going to see both an unprecedented rate of innovation in the automotive industry as well as a proliferation of companies developing software specifically for "connected" vehicles.