Open Source & Secure Voting, GDPR & Compliancy, #NUGATE & Flash 

Our vulnerability of the week is over five years old, but CVE-2011-4109, a high-severity vulnerability in OpenSSL, was back in the news when a hacker used it to crack a voting machine at DEF CON 25.

Is open source the magic bullet to secure voting? You’ll find contrasting opinions in this week’s Open Source Insight, as well as news and opinion on the bad habits cybersecurity pros need to break; whether Flash should be open sourced; compliance with the GDPR; and the so-called #nugate scandal.

Read on for all the open source security and cybersecurity fit to print…

Can Open Source Software Secure Voting?

via Black Duck blog (Fred Bals): At this year’s DEF CON 25 convention it took only a few hours for white hat hackers to break into five different voting machines. One researcher cracked an Express Pollbook system within two minutes via CVE-2011-4109, a vulnerability in OpenSSL, an open source project contained in hundreds of thousands of applications to secure communications.

Is the Path to Secure Elections Paved With Open Source Code?

via Linux Insider: Former CIA head R. James Woolsey and Bash creator Brian J. Fox made their case for open source elections software after security researchers demonstrated how easy it was to crack some election machines in the Voting Machine Hacking Village staged at the recent DefCon hacking conference in Las Vegas.

10 Bad Habits Cybersecurity Professionals Must Break

via Tech Republic: #7 - Not patching immediately

Companies often spend thousands of dollars on security solutions, only to have them bypassed by something as simple as not applying a security patch right away.

Could Open Sourcing Adobe Flash Preserve Internet History?

via Black Duck blog (Haidee LeClair): There have been over 1,000 vulnerabilities in the Adobe Flash Player since 2005 (when Adobe acquired Macromedia), and they tend to have fairly high CVE scores. Considering the dominant use of Flash in online multimedia content, these security issues have been a concern for an eternity in internet time.

Healthcare Is Turning a Corner on Cybersecurity, New HIMSS Research Shows

via Healthcare IT News: The sector is now making security a top priority, hiring CISOs, undertaking threat management and penetration testing, all more important than ever. 

The GDPR & Open Source Security Management

via Info Security: Many organisations don’t pay sufficient attention to the security exposures created by vulnerable open source components, and may not even be aware these exposures exist. In Black Duck’s most recent analysis of more than 1,000 commercial applications, known open source vulnerabilities were found in over 65 percent of those applications. Download this paper to find out more.

Think You’re Compliant with GDPR? The Research Says Otherwise

via Comms Trader: Creating classification-based, automated, and policy-driven approaches to GDPR is essential to success, and should enable organisations to accelerate their ability to meet with the regulatory demands set out, before the impending deadline.

Malicious Code in the Node.js npm Registry Shakes Open Source Trust Model

via CSO: Bad actors using typo-squatting placed 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?

#Nugate and the Reality of (Commercial) Open Source

via Black Duck blog (Yev Bronshteyn): Let's be blunt. Richard Stallman's utopian vision of open source is dead. Code is no longer contributed to open source to grant some freedom that has been ordained an inalienable human right by reason and providence. 
