This week we have news on the upcoming Red Hat Summit, an updated OWASP Top 10, technical due diligence, World IP Day and more. We also continue to see a lot of coverage of our 2017 Open Source Security and Risk Analysis (OSSRA), which outlines the risks of failing to maintain open source components and license compliance.
As a follow-up to the full security and risk analysis, we also released our OSSRA infographic, which provides a high-level overview of the report. Our Center for Open Source Research & Innovation (COSRI) anonymized and analyzed over 1000 audits, revealing a surprising gap in open source management.
Join Black Duck at the Red Hat Summit 2017
Next week we'll be hanging out in Boston at the Red Hat Summit and taking a close look at OpenShift. Join Tim Mackey (Technology Evangelist at Black Duck) on Thursday, May 4th at 11:30 am to discuss “Integrated security in CI/CD with Red Hat OpenShift” with Justin Goldsmith (Consulting Architect, Red Hat) and Brent Baude (Principal Software Engineer at Red Hat). Learn more about this session here.
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Dark Reading published commentary by Jeff Williams, CTO of Contrast Security, who said "It's time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks."
The OWASP Top 10 is a great resource for anyone pursuing application security. We'll be taking a look at the new list soon. The key point for developers using open source is that using code with known vulnerabilities remains on the list at A9.
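The A9 risk is only manageable if you know which open source components are in your build and which versions are affected by published advisories. The script below is an added illustration of that check in miniature, written for this post; it is not Black Duck Hub code or any OWASP tooling. The manifest, the advisory records and their `EXAMPLE-*` identifiers are all constructed for the example (they are not real CVEs), and the affected-range convention (first vulnerable version inclusive, first fixed version exclusive) is an assumption chosen for clarity.

```python
"""Minimal software-composition check: flag pinned open source components whose
version falls inside a known-vulnerable range.

Added example, not Black Duck Hub code. The manifest and the advisory list are
constructed for illustration; advisory identifiers are placeholders, not real CVEs.
"""
import re

# Constructed manifest in requirements.txt style (pinned versions only).
MANIFEST = """\
# sample app dependencies (constructed)
requests==2.9.1
flask==0.12
pyyaml==3.11
six==1.10.0
"""

# Constructed advisory feed. A real SCA tool pulls this from a vulnerability
# database; each record gives the first affected version (inclusive) and the
# first fixed version (exclusive). Identifiers are placeholders.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "requests", "introduced": "2.0.0", "fixed": "2.10.0"},
    {"id": "EXAMPLE-0002", "package": "pyyaml", "introduced": "0.0.0", "fixed": "4.0"},
    {"id": "EXAMPLE-0003", "package": "flask", "introduced": "0.12.1", "fixed": "0.13"},
]

PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)\s*$")


def parse_version(text):
    """Turn '2.9.1' into (2, 9, 1). A non-numeric tail such as '1.0rc1' is cut
    off at the first non-digit, so it compares as its numeric prefix (1, 0)."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def parse_manifest(text):
    """Return {package_name: version_string} for every pinned line. Comments and
    blank lines are skipped; unpinned lines are ignored since they cannot be checked."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        m = PIN_RE.match(line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed, compared component-wise with short
    tuples zero-padded so that 0.12 equals 0.12.0."""
    v, lo, hi = parse_version(version), parse_version(introduced), parse_version(fixed)
    width = max(len(v), len(lo), len(hi))

    def pad(t):
        return t + (0,) * (width - len(t))

    return pad(lo) <= pad(v) < pad(hi)


def find_vulnerable_components(manifest_text, advisories=ADVISORIES):
    """Return a sorted list of (package, version, advisory_id) for every pinned
    component that falls inside an advisory's affected range."""
    pins = parse_manifest(manifest_text)
    hits = []
    for adv in advisories:
        name = adv["package"].lower()
        if name in pins and is_affected(pins[name], adv["introduced"], adv["fixed"]):
            hits.append((name, pins[name], adv["id"]))
    return sorted(hits)


if __name__ == "__main__":
    for pkg, ver, adv_id in find_vulnerable_components(MANIFEST):
        print(f"{pkg}=={ver} is within the affected range of {adv_id}")
```

Run against the constructed manifest, the check reports `requests` and `pyyaml` and leaves `flask` alone, because 0.12 sorts below the 0.12.1 at which the placeholder advisory starts. The zero-padding in `is_affected` is the detail worth noticing: without it, a two-part pin like `0.12` would compare incorrectly against three-part boundaries, which is exactly the kind of quiet mismatch that lets a vulnerable component slip past a naive inventory.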
New Research Reveals Wisdom of Due Diligence
Phil Odence, Vice President & General Manager, takes a look at the Open Source Security and Risk Analysis from the Mergers & Acquisitions perspective, particularly for anyone involved in technical due diligence. Phil says, "The theoretical risks associated with open source are clear: most companies use a lot of open source but don’t sufficiently track which components are in their code, leaving their applications susceptible to license, security, or operational problems. This report goes beyond the theoretical with hard data revealing issues discovered in real software."
5 More Open Source Companies to Watch in 2017
Black Duck Hub - Dockerized App
We asked Hal Hearst, Principal Product Manager, to discuss the new architecture coming to the Black Duck Hub and why that's important to our customers. Hal said, "With the new architecture, the Hub is now available to be run as a set of Docker containers for the various components in the application. Rather than using our own custom orchestration method (which we called “appMgr”), the Hub will now leverage Docker-based mechanisms." Learn more in his blog post.
Open Source Security Risks Persist in Commercial Software [Infographic]
CSO published an article that provides a great framework for our OSSRA Infographic. "The use of open source occurs in all industries by organizations of all sizes for good reason. It lowers development costs, speeds time to market, and accelerates innovation. Black Duck’s On-Demand audits found that on average, open source comprised 36 percent of the code base in the scanned applications."
We had a lot of fun creating a video to celebrate World IP Day. We're happy that our work helps our customers protect the intellectual property of the creators. The World Intellectual Property Organization (WIPO) created the day 17 years ago to promote and protect creative ideas, including music, art, trademarks, writings and inventions.
New Open Source Licence For Seeds
Intellectual Property Watch reported an initiative by OpenSourceSeeds to offer open source-licensed seeds to strengthen "copyleft" for new plant varieties. Not our usual type of story, but an interesting look at how open source licenses can impact plant varieties.
"To make seeds open source was a necessary answer to the increasing market concentration and resulting reduction in genetic diversity in plant varieties. The lack of varieties and spread of uniform cropping systems over large areas present a risk for global food and nutrition security, according to the OpenSourceSeeds initiative."