Hospital, Medical Devices, Banking, Automotive Cybersecurity

Hospital, Medical Devices, Banking, FinTech, and Automotive Cybersecurity News

A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank UniCredit; video interviews in which two Black Duck executives share their views on open source security; and why the automotive industry may be close to an iPhone moment.

Hospitals Face Growing Cybersecurity Threats

via NPR: Other industries, like financial services and the federal government, have devoted more than 12 percent of their IT budgets to cybersecurity. Health care averages just half that.

At the same time, the cost of mitigation has soared, with the average breach costing $355 per stolen record for health care organizations. 

The Need for Open Source Security in Medical Devices

via ITProPortal: A major driver of the technological revolution in medical devices is software, and that software is built on a core of open source. Black Duck’s 2017 Open Source Security and Risk Analysis (OSSRA) research found that the average commercial application included almost 150 discrete open source components, and that 67 per cent of the over 1000 commercial applications scanned included vulnerable open source components. The analysis made evident that the use of open source components in commercial applications is pervasive across every industry vertical, including the healthcare industry.

Details of 400,000 Loan Applicants Spilled in UniCredit Bank Breach

via The Register: Italian bank UniCredit admitted on Wednesday that a series of breaches, undetected for nearly a year, exposed the personal data of 400,000 loan applicants. Milan-based UniCredit said that it had closed the breach and informed authorities while embarking on a security audit that will likely tap into at least some of the €2.3bn budget previously allocated towards upgrading and strengthening its IT systems.

UniCredit Bank: Hackers Can Access Data From 400,000 Customers

via WinFuture (Germany): Banks do not seem to be particularly well placed for data security in banking apps. In a recent test carried out by the US consumer protection organization OTA, which looked at around a thousand websites of various financial services providers, the banks failed to perform well. According to an open source security and risk analysis (OSSRA) 2017 by Black Duck, an average of 52 open source vulnerabilities could be detected in banking applications.

Symphony Software Foundation Sets Out to Build a New Fintech Innovation Model

via Symphony Foundation: Recent research from Black Duck’s Center for Open Source Research and Innovation (COSRI) shows that between 80 percent and 90 percent of the code in today’s apps is open source. While the audit confirms universal use, it also reveals the ineffectiveness in addressing risks related to open source security vulnerabilities and license compliance challenges.

“This is precisely where our Foundation provides value - by offering a secure and IP compliant, open source developer experience and software supply chain, while maintaining the high productivity typical of modern, open source communities and workflows,” said Peter Monks, VP of technology, Symphony Software Foundation. “After adding OpenShift support, we plan to continue investing in our Open Development Platform (our open source development reference-model), to provide our community with a shared, secure and compliant tool chain that can power open source collaboration.”

Open Source Security for Financial Services & FinTech

Live from Black Hat USA 2017: Interview with Mike Pittenger of Black Duck Software

via Security Guy TV: Black Duck VP of Security Strategy Mike Pittenger talks open source security, IoT and more with Security Guy TV from the Black Hat 2017 show floor.

At Black Hat Conference, Good Guy Hackers Have a Bleak View of US Cybersecurity

According to the Identity Theft Resource Center, the number of U.S. data breaches so far this year hit a half-year record of 791, which is 29 percent higher than at this time last year.

Amid those figures, experts seem to have a bleak view of the state of information security. A survey of the top leaders at the Black Hat conference found 60 percent believe a successful cyberattack on U.S. critical infrastructure will likely occur in the next two years.

Black Duck CMO: 'DevOps Is Speeding Up The Way We Bring Applications To Market'

via CRNtv: CRNtv spoke with Black Duck CMO Bob Canaway about the company's recent collaboration with Pivotal Cloud Foundry. Black Duck is now a tile – a fully integrated installation package – on the Pivotal Network, enabling the company to secure and manage open source code for enterprise customers. 

Is the Automotive Industry Reaching an iPhone Moment?

via Black Duck blog (Rob Hawkins): We are rapidly approaching the "iPhone moment" for the automotive industry. The vehicle will be the next mobile application platform, and those applications are going to be built on a foundation of open source components. If the explosion in mobile application development that has taken place in the last decade is any indicator, we are going to see both an unprecedented rate of innovation in the automotive industry as well as a proliferation of companies developing software specifically for "connected" vehicles.
