Amazon Servers Exposed and How Not to be the Next Equifax

Amazon Servers Exposed, Open Source & the Public Sector, How Not to be the Next Equifax

This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats? Why do so many companies have problems keeping their software up to date? Are vulnerability tools up to snuff? All this and more open source security and cybersecurity news…

Researchers Find 7 Percent of All Amazon S3 Servers Exposed

via SC Media: A recent study by SkyHigh Networks found that seven percent of all Amazon S3 servers are exposed, which may explain the surge of data leaks in the last few months, including the leak of information on 198 million American voters.
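As an added illustration of the kind of exposure the study counts (this is editor-supplied example code, not from the SC Media article or the Skyhigh study), the script below classifies a bucket from the dictionaries the S3 API returns for `get_bucket_acl` and `get_public_access_block`. It flags grants to the `AllUsers` and `AuthenticatedUsers` groups, and treats a bucket whose public ACL is neutralised by `IgnorePublicAcls` as a lower-severity finding. The ACL responses embedded below are constructed for the demo; the bucket names and the `assess_bucket` / `audit_live_bucket` helpers are this example's own.

```python
"""Classify S3 buckets as public or private from their ACL and Public Access Block.

Added example, not from the article: the sample ACL responses below are
constructed to match the shape of boto3's get_bucket_acl() output.
"""

# Grantee URIs that mean "everyone" (AllUsers) or "any AWS account" (AuthenticatedUsers).
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Any of these lets the grantee list/read objects or change the ACL itself.
RISKY_PERMISSIONS = {"READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"}


def public_grants(acl):
    """Return (grantee_uri, permission) pairs in an ACL that apply to everyone."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        is_public_group = grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS
        if is_public_group and grant.get("Permission") in RISKY_PERMISSIONS:
            findings.append((grantee["URI"], grant["Permission"]))
    return findings


def public_acls_ignored(public_access_block):
    """True when IgnorePublicAcls is set, so S3 disregards public ACL grants.

    public_access_block is the dict from get_public_access_block(), or None when
    the bucket has no configuration (the API raises NoSuchPublicAccessBlockConfiguration).
    """
    if not public_access_block:
        return False
    cfg = public_access_block.get("PublicAccessBlockConfiguration", {})
    return bool(cfg.get("IgnorePublicAcls"))


def assess_bucket(name, acl, public_access_block=None):
    """Classify one bucket as 'public', 'public-acl-but-ignored' or 'private'."""
    grants = public_grants(acl)
    if not grants:
        return (name, "private", [])
    if public_acls_ignored(public_access_block):
        return (name, "public-acl-but-ignored", grants)
    return (name, "public", grants)


def audit_live_bucket(s3_client, name):
    """Run assess_bucket against a real bucket using an existing boto3 S3 client.

    Not exercised in the demo; shown so the data-shape assumptions above are explicit.
    """
    from botocore.exceptions import ClientError  # imported lazily: boto3 is optional here

    acl = s3_client.get_bucket_acl(Bucket=name)
    try:
        pab = s3_client.get_public_access_block(Bucket=name)
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchPublicAccessBlockConfiguration":
            raise
        pab = None
    return assess_bucket(name, acl, pab)


# Constructed sample responses (shape of get_bucket_acl / get_public_access_block).
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"}
PRIVATE_ACL = {"Owner": {"ID": "example-owner-id"}, "Grants": [OWNER_GRANT]}
PUBLIC_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        OWNER_GRANT,
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ],
}
IGNORE_PUBLIC_ACLS = {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True}}


def run_demo():
    """Assess three constructed buckets and return {name: verdict}."""
    results = [
        assess_bucket("example-private-bucket", PRIVATE_ACL),
        assess_bucket("example-leaky-bucket", PUBLIC_ACL),
        assess_bucket("example-mitigated-bucket", PUBLIC_ACL, IGNORE_PUBLIC_ACLS),
    ]
    for name, verdict, grants in results:
        print(f"{name}: {verdict} {grants if grants else ''}")
    return {name: verdict for name, verdict, _ in results}


if __name__ == "__main__":
    run_demo()
```

The check covers ACL grants only; a bucket can also be exposed through a bucket policy with a `"Principal": "*"` statement, so a full audit should inspect `get_bucket_policy` as well and, for the mitigated case, confirm the Public Access Block is applied at the account level rather than per bucket.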

Open Source and the Public Sector

via GCN: With open source software a significant part of the nation’s digital infrastructure, the risks associated with this type of software are enough to pique the interest of department officials, writes Black Duck VP of Product Management, Patrick Carey.

Cybersecurity Threats Demand Modernizing Federal Technology

via The Hill: If it’s not obvious yet that cybersecurity is a major issue, you’re not paying attention. Accordingly, cybersecurity must be a priority for all levels of government, not to mention the private sector. Yet much of the federal government’s networks remain vulnerable simply because of outdated and obsolete technology. This must change.

How Open Source is Transforming the Automotive Industry

via Autobody News: Automakers are adopting open source software for core technologies like the infotainment operating system. This allows them to focus more resources towards the industry-wide race to develop new technologies, mobility services, and autonomous vehicles.

3 Keys to the Road Ahead with Autonomous Vehicles

via Black Duck blog (Rob Hawkins): It's certainly been an interesting month thus far for the mobility industry. The House of Representatives passed the SELF DRIVE Act, which proposes to grant 25,000 autonomous light vehicle testing exemptions (ratcheting up to 100,000 within a few years), exemptions that supersede existing state laws for pre-market approval processes. The Department of Transportation (DOT) followed suit, trimming and softening prior guidelines. Now it’s up to the Senate, where similar legislation includes autonomous trucking. This is an area of considerable investment that, according to some, is accompanied by concerns surrounding artificial intelligence and jobs. 

Why Don't Big Companies Keep Their Computer Systems Up-to-date?

via Business Standard: Equifax, like most Fortune 100 firms, was using an open-source software platform called Apache Struts to run parts of its website. Every major piece of software has vulnerabilities, almost inevitably. When they’re found, typically the company or organization that writes the software creates a fix and shares it with the world, along with notifications that users should update to the latest version.

Equifax CEO Richard Smith Retires After Mass Hack

via Investor’s Business Daily: Equifax CEO and Chairman Richard Smith retired, effective immediately, in the wake of a recently disclosed massive hack that may have exposed the data of up to 143 million Americans.

Threat Check for Struts

The Equifax Example: Bridging the Gap Between Security and DevOps

via The Stack: Many security professionals struggle to keep up with the fast-moving needs of developers and operations staff, who now need to get an application or service from the test and development environment to production faster than ever before. Security teams are not experts in which open source libraries are needed for the safe and secure running of a specific web server or application stack.

Flaws in Open-source Software Pose Big Risks to Companies That Use It

via Third Certainty: While open source is no less secure than commercial code, most companies lack the visibility into and control over the open-source code they use, according to Mike Pittenger, vice president of security strategy at Black Duck. “Last year, Black Duck’s Center for Open Source Research & Innovation (COSRI) analyzed more than 1,000 applications that were audited as part of Merger & Acquisition transactions. The COSRI audit analysis found that while 96 percent of the applications contained open-source software, more than 60 percent of those applications contained known open-source security vulnerabilities,” he says.

Nessus, Qualys, Metasploit for Struts Vulnerabilities?

via Black Duck blog (Mike Pittenger): The Equifax breach has brought Remote Code Execution (RCE) vulnerabilities in Struts into the spotlight. Nobody wants to be the “next Equifax,” much less the company leadership “retiring” or answering questions from Congress.

So, You Want to Be a Data Protection Officer

via Black Duck blog (David Znidarsic, Founder & President of Stairstep Consulting): The General Data Protection Regulation (GDPR) will be enforced starting on May 25, 2018. One of the requirements of the GDPR is that many companies that handle personal data of EU citizens will need to appoint either an employee or a contractor as their Data Protection Officer.

Register Now - Webinar: GDPR and Open Source: Best Practices for Security and Data Protection
