Continuing a month of major announcements, Black Duck launched its new product, OpsSight — comprehensive, automated open source container security for production environments — at its FLIGHT 2017 user conference in Boston this week. Targeting the production phase of the software development life cycle, the initial release of OpsSight is optimized for Red Hat’s OpenShift Container Platform.
If you missed FLIGHT 2017, you can read all the news about OpsSight below, as well as stories on FLIGHT keynoters Charlie Miller and Chris Valasek’s presentation on why IoT insecurity is here to stay; the top 5 cybersecurity mistakes you need to avoid; the SEC’s preparation of new cybersecurity guidelines; and security for the connected car.
via Threatpost: Noted security experts Charlie Miller and Chris Valasek said the Internet of Things can’t be secure, but it can be tamed during their keynote at Black Duck Software’s Flight 2017 conference.
via The Register: OpsSight, Black Duck’s first product specifically targeting the production phase of the software development life cycle, was unveiled at the firm’s annual user conference – Flight 2017 – on Tuesday. The technology is designed to allow organisations to validate the contents and secure container images in production, an increasingly important requirement as use of container technology becomes more commonplace in software development.
via Black Duck blog (Neal Goldman): With OpsSight, Black Duck extends its coverage of open source security vulnerability detection to another area of the software development lifecycle. We have great integrations with development tools, making vulnerability and compliance scanning easy for developers. Now we’re making it easier for operations and production teams to do the same scanning and monitoring for security vulnerabilities themselves.
via SD Times: OpsSight features automated scanning and inventorying of open source components in container images, identifies and highlights images that contain known security vulnerabilities, flags containers that violate open source security policies and provides automated alerts into newly discovered vulnerabilities.
via Black Duck blog (Evan Klein): Today, we are happy to announce the launch of our new product, Black Duck OpsSight, a solution that brings open source visibility and control to operations teams managing large scale container deployments. The first supported platform for OpsSight is the Red Hat OpenShift Container Platform.
via Black Duck blog (Bill Ledingham): Hub Detect removes the pain of identifying all the package managers and CI tools teams are using and configuring them individually to make Hub work the way they want in their environment. Instead, this new feature detects which package managers (if any) are being used and automatically pulls in and configures the right integrations for the scan.
via TechRepublic: Despite increasing risks, cybersecurity professionals continue to find that their teams are understaffed and underskilled, according to a new report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG), released Wednesday.
via Black Duck blog (Kiara White): There can be up to millions of lines of code that keep a car, and its passengers, safe, connected, and on time. Back-up sensors, infotainment systems, and tire-pressure monitoring are all being run on a mixture of open source and proprietary code. Code is code; if vulnerabilities exist, code can be hacked.
via TechCrunch: The deal, expected to close next month, reflects the shift in how enterprises buy and deploy software, with software that’s open to change and free to adopt no longer the exception but the rule. In fact, open-source software now makes up more than 60 percent of the code in today’s applications. Synopsys is buying Black Duck to strengthen its ability to push security and quality testing throughout its software’s development life cycle, reducing risk for its customers.