Amazon Servers Exposed and How Not to be the Next Equifax

Amazon Servers Exposed, Open Source & the Public Sector, How Not to be the Next Equifax

This issue of Open Source Insight looks at how data leaks on Amazon servers may have exposed the personal information of 198 million American voters and 14 million Verizon customers. Is the federal cybersecurity infrastructure keeping up with threats? Why do so many companies have problems keeping their software up to date? Are vulnerability tools up to snuff? All this and more open source security and cybersecurity news…

Researchers Find 7 Percent of All Amazon S3 Servers Exposed

via SC Media: A recent study by SkyHigh Networks found seven percent of all Amazon S3 servers are exposed, which may explain a recent surge of data leaks in the last few months, including the information on 198 million American voters.

Open Source and the Public Sector

via GCN: With open source a significant part of the nation’s digital infrastructure, the risks associated with this type of software are enough to pique the interest of department officials, writes Black Duck VP of Product Management, Patrick Carey.

Cybersecurity Threats Demand Modernizing Federal Technology

via The Hill: If it’s not obvious yet that cybersecurity is a major issue, you’re not paying attention. Accordingly, cybersecurity must be a priority for all levels of government, not to mention the private sector. Yet much of the federal government’s networks remain vulnerable simply because of outdated and obsolete technology. This must change.

How Open Source is Transforming the Automotive Industry

via Autobody News: Automakers are adopting open source software for core technologies like the infotainment operating system. This allows them to focus more resources towards the industry-wide race to develop new technologies, mobility services, and autonomous vehicles.

3 Keys to the Road Ahead with Autonomous Vehicles

via Black Duck blog (Rob Hawkins): It's certainly been an interesting month thus far for the mobility industry. The House of Representatives passed the SELF DRIVE Act, which proposes to grant 25,000 autonomous light vehicle testing exemptions (ratcheting up to 100,000 within a few years), exemptions that supersede existing state laws for pre-market approval processes. The Department of Transportation (DOT) followed suit, trimming and softening prior guidelines. Now it’s up to the Senate, where similar legislation includes autonomous trucking. This is an area of considerable investment that, according to some, is accompanied by concerns surrounding artificial intelligence and jobs. 

Why Don't Big Companies Keep Their Computer Systems Up-to-date?

via Business Standard: Equifax, like most Fortune 100 firms, was using an open-source software platform called Apache Struts to run parts of its website. Every major piece of software has vulnerabilities, almost inevitably. When they’re found, typically the company or organization that writes the software creates a fix and shares it with the world, along with notifications that users should update to the latest version.

Equifax CEO Richard Smith Retires After Mass Hack

via Investor’s Business Daily: Equifax CEO and Chairman Richard Smith retired, effective immediately, in the wake of a massive hack recently disclosed that may have exposed up to 143 million Americans.

8 Takeaways from NIST’s Application Container Security Guide

The Equifax Example: Bridging the Gap Between Security and DevOps

via The Stack: Many security professionals struggle hugely to communicate on a daily basis with the fast-moving needs of developers and operations staff who now need to get an application or service from the test development environment to live faster than ever before. Security teams are not experts in what typical Open Source libraries are needed for the safe and secure running of a specific web server or application stack.

Flaws in Open-source Software Pose Big Risks to Companies That Use It

via Third Certainty: While open source is no less secure than commercial code, most companies lack the visibility into and control over the open-source code they use, according to Mike Pittenger, vice president of security strategy at Black Duck. “Last year, Black Duck’s Center for Open Source Research & Innovation (COSRI) analyzed more than 1,000 applications that were audited as part of Merger & Acquisition transactions. The COSRI audit analysis found that while 96 percent of the applications contained open-source software, more than 60 percent of those applications contained known open-source security vulnerabilities,” he says.

Nessus, Qualys, Metasploit for Struts Vulnerabilities?

via Black Duck blog (Mike Pittenger): The Equifax breach has brought Remote Code Execution (RCE) vulnerabilities in Struts into the spotlight. Nobody wants to be the “next Equifax,” much less the company leadership “retiring” or answering questions from Congress.

So, You Want to Be a Data Protection Officer

via Black Duck blog (David Znidarsic, Founder & President of Stairstep Consulting): The General Data Protection Regulation (GDPR) will be enforced starting on May 25, 2018. One of the requirements of the GDPR is that many companies who handle personal data of EU citizens will need to appoint either an employee or contractor to be their Data Protection Officer.

Register Now - Webinar: GDPR and Open Source: Best Practices for Security and Data Protection
