News about NotPetya continues to reverberate around the world this week as malware experts quickly determined that its resemblance to Petya is superficial. The consensus is now that NotPetya is a wiper, designed to inflict permanent damage, not ransomware as initially reported. Following closely on the heels of the WannaCry incidents, NotPetya had hit 64 countries by June 28, and this time there was no kill switch. Global cyberattacks such as these highlight the importance of cybersecurity everywhere: keeping patches current and ensuring that backups are up to date and actually restorable.
In other cybersecurity and open source news: open source is pervasive in the automotive industry, a hackathon in Leeds looks at how to deploy NHSbuntu in place of Microsoft, open source oversight is key to GDPR, and security code reviews by Russian agencies are under discussion.
via Black Duck blog (Fred Bals): Open source use is pervasive across every industry vertical, including the automotive industry. When it comes to software, every auto manufacturer wants to spend less time on what are becoming commodities — such as the core operating system and components connecting the various pieces together — and focus on features that will differentiate their brand. The open source model supports that objective by expediting every aspect of agile product development.
via The Independent: Experts say that initial suggestions that the software was being used to make money may have been a distraction. The software might instead be part of a plan simply to cripple as many systems, companies and countries as possible, they said.
via The Register: A gathering of software developers set out to find a way to deploy NHSbuntu, a flavour of the open-source Linux distro Ubuntu built for the NHS, on 750,000 smartcards used to verify clinicians accessing 80 per cent of applications – excluding those for clinical use – on millions of health service PCs.
via Out-Law.com: Mike Pittenger, vice president of security strategy at Black Duck Software, told Out-Law.com that many businesses either remain unaware that they are running popular open source components within their software at all or that security vulnerabilities exist in the versions of that software they are operating. This is despite the profile of open source software security risk being raised by media coverage in recent times, he said.
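The first step toward the awareness Pittenger describes is an inventory: which components does a project actually declare, at which versions, and do any of those versions fall inside a known-affected range. The script below is an added example written for this post, not Black Duck's or Out-Law's code. The manifest it reads and the advisory feed it matches against are constructed for the demonstration; the package names (`webframework`, `jsonparser`, `imagelib`) and advisory IDs (`ADV-EXAMPLE-*`) are placeholders, not real components or real vulnerabilities. In practice the feed would be NVD or a vendor advisory source and the input a lock file, but the matching logic is the same.

```python
"""Minimal software-composition check: list the open source components a
project pins and flag any version that sits inside a known-affected range.

Added example, not Black Duck code. The manifest and the advisory list are
constructed for the demo; package names and advisory IDs are placeholders.
"""
import re

# Constructed manifest in requirements.txt style (pinned versions only).
MANIFEST = """\
# app dependencies (constructed sample)
webframework==2.0.3
jsonparser==1.4.0
imagelib==0.9.12   # pinned two years ago, never reviewed
"""

# Constructed advisory feed: (advisory id, package, introduced, fixed).
# A version v is affected when introduced <= v < fixed. Placeholders only,
# not real advisories.
ADVISORIES = [
    ("ADV-EXAMPLE-1", "jsonparser", "1.0.0", "1.4.2"),
    ("ADV-EXAMPLE-2", "imagelib", "0.9.0", "0.10.0"),
    ("ADV-EXAMPLE-3", "webframework", "1.0.0", "2.0.0"),  # fixed before 2.0.3
]


def parse_version(v: str) -> tuple:
    """Turn '1.4.0' into (1, 4, 0) so versions compare numerically.
    Comparing strings gets this wrong: '1.10.0' < '1.9.0' as text."""
    return tuple(int(part) for part in v.split("."))


def parse_manifest(text: str) -> dict:
    """Return {package: version} for every pinned line.

    Comments and blank lines are ignored. Anything that is not an exact
    '==' pin is rejected: a range such as '>=1.0' means the deployed
    version is unknown, which is exactly the blind spot to avoid."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9]+(?:\.[0-9]+)*)", line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


def find_vulnerable(deps: dict, advisories=ADVISORIES) -> list:
    """Return [(package, version, advisory_id, fixed_version)] for each
    declared component whose version lies in an advisory's affected range."""
    findings = []
    for adv_id, pkg, introduced, fixed in advisories:
        version = deps.get(pkg.lower())
        if version is None:
            continue  # component not used by this project
        v = parse_version(version)
        if parse_version(introduced) <= v < parse_version(fixed):
            findings.append((pkg, version, adv_id, fixed))
    return findings


def audit(manifest: str = MANIFEST) -> list:
    """Parse the manifest and return the list of affected components."""
    return find_vulnerable(parse_manifest(manifest))


if __name__ == "__main__":
    for pkg, version, adv_id, fixed in audit():
        print(f"{pkg}=={version}: {adv_id}, upgrade to >= {fixed}")
```

Run as-is it reports `jsonparser` and `imagelib`; `webframework` is not flagged because 2.0.3 is past the fixed version. Rejecting unpinned lines is deliberate: an inventory that cannot name the exact version running in production cannot say whether a fix has been applied.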
via Black Duck blog (Megan McIntyre): We've been thinking about how Docker containers can help us deliver our software effectively for quite a while now. Recently Hal Hearst shared excellent information about how and why we're releasing Hub as a Dockerized container.
via IT SecCity (Germany): The world's appetite for open source software is insatiable. Companies worldwide significantly increased their use of open source over the past year; yet although they readily acknowledge the security-related and operational risk concerns that come with open source, effective management of open source is not keeping pace with its growing use.
via Black Duck blog (Baljeet Malhotra): Every API comes with a set of obligations, which are typically documented in various (legally binding) agreements (for example, Terms of Service, Developer Agreement, Privacy Statement) that govern the usage of the API and its underlying data and functionality. According to our research there are essentially four key factors that affect the governance of API usage.
via TechTarget SearchSecurity: Before allowing cybersecurity products into Russia, U.S. tech companies are reportedly being required to submit source code for review, and many are worried about the privacy and security impacts of this testing. Rising tensions between the U.S. and Russia over apparent election interference appear to be to blame for both Russia's insistence on security code reviews and U.S. experts' wariness of the practice.