Black Duck Announces OpsSight for DevOps Open Source Security at FLIGHT 2017

Continuing a month of major announcements, Black Duck launched its new product, OpsSight — comprehensive, automated open source container security for production environments — at its FLIGHT 2017 user conference in Boston this week. Targeting the production phase of the software development life cycle, the initial release of OpsSight is optimized for Red Hat’s OpenShift Container Platform.

If you missed FLIGHT 2017, you can read all the news about OpsSight below, as well as stories on FLIGHT keynoters Charlie Miller and Chris Valasek’s presentation on why IoT insecurity is here to stay; the top 5 cybersecurity mistakes you need to avoid; the SEC’s preparation of new cybersecurity guidelines; and security for the connected car.

IoT is Insecure, Get Over It!

via Threatpost: Noted security experts Charlie Miller and Chris Valasek said during their keynote at Black Duck Software’s Flight 2017 conference that the Internet of Things can’t be secure, but it can be tamed.

New Tech for Ops Crew: Scanning Containers for Open-Source Vulns

via The Register: OpsSight, Black Duck’s first product specifically targeting the production phase of the software development life cycle, was unveiled at the firm’s annual user conference – Flight 2017 – on Tuesday. The technology is designed to allow organisations to validate the contents of container images in production and secure them, an increasingly important requirement as use of container technology becomes more commonplace in software development.

Introducing Black Duck OpsSight, A Proactive and Scalable Approach to Container Security

3 Ways OpsSight Extends Open Source Security to Production 

via Black Duck blog (Neal Goldman): With OpsSight, Black Duck extends its coverage of open source security vulnerability detection to another area of the software development lifecycle. We have great integrations with development tools, making vulnerability and compliance scanning easy for developers. Now we’re making it easier for operations and production teams to do the same scanning and monitoring for security vulnerabilities themselves.

Black Duck Launches New Container Security Solution

via SD Times: OpsSight features automated scanning and inventorying of open source components in container images, identifies and highlights images that contain known security vulnerabilities, flags containers that violate open source security policies and provides automated alerts into newly discovered vulnerabilities. 

Next Level Container Vulnerability Management with OpsSight

via Black Duck blog (Evan Klein): Today, we are happy to announce the launch of our new product, Black Duck OpsSight, a solution that brings open source visibility and control to operations teams managing large scale container deployments. The first supported platform for OpsSight is the Red Hat OpenShift Container Platform.

Announcing Hub Detect: Open Source Discovery for a DevOps World

via Black Duck blog (Bill Ledingham): Hub Detect removes the pain of identifying all the package managers and CI tools teams are using and configuring them individually to make Hub work the way they want in their environment. Instead, this new feature detects which package managers (if any) are being used and automatically pulls in and configures the right integrations for the scan.

Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix Them

via TechRepublic: Despite increasing risks, cybersecurity professionals continue to find that their teams are understaffed and underskilled, according to a new report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG), released Wednesday.

What's Under Your Hood? Security & the Connected Car

via Black Duck blog (Kiara White): There can be up to millions of lines of code that keep a car, and its passengers, safe, connected, and on time. Back-up sensors, infotainment systems, and tire-pressure monitoring are all being run on a mixture of open source and proprietary code. Code is code; if vulnerabilities exist, code can be hacked.

Fifteen-year-old Black Duck Software Gets Its Exit, Selling to Synopsys for $565 Million

via TechCrunch: The deal, expected to close next month, reflects the shift in how enterprises buy and deploy software, with software that’s open to change and free to adopt no longer the exception but the rule. In fact, open-source software now makes up more than 60 percent of the code in today’s applications. Synopsys is buying Black Duck to strengthen its ability to push security and quality testing throughout its software’s development life cycle, reducing risk for its customers.

SEC Says Companies Can Expect New Guidelines on Reporting Cybersecurity Breaches

via Wall Street Journal: The agency will probably update directions that it gave to companies over six years ago, before the spate of high-profile breaches, including at the SEC itself and Equifax.

Connected Car Security Report
