Black Duck Teams with Google, Connected Cars, FinTech Compliance

Black Duck and Google partner so that open source vulnerability management can be integrated directly with build and deployment activities in the cloud. Connected car news includes BMW adding on to its connected car services; concerns on how code vulnerabilities might lead to driving dangers; and why auto OEMs need to pay more attention to cybersecurity, including open source security. Plus, the costs of GDPR compliance; a primer on CVEs; and HIPAA compliance for the software you build.

Black Duck Partners with Google to Automate Security Compliance

via CloudPro: Open source security vendor Black Duck has partnered up with Google to help the tech giant's customers benefit from Black Duck's automated security and productivity container tech, offering enhanced intelligence, visibility and control of risks.

Black Duck and Google Help Teams Build Cloud Apps with Confidence

via Black Duck blog (Evan Klein): What Security and DevOps teams desperately need is open source security that works in the cloud, is automated as part of your CI/CD pipeline, and finds open source security vulnerabilities and code quality issues earlier in the application development lifecycle. They need a solution that eases the transition to building and deploying in the cloud. 

BMW Basically Wants You to Live and Work in Your Connected Car

via CNet: BMW announced on Wednesday three separate technologies that it hopes will fuel the next generation of connected cars from BMW Group. Connected+ builds upon BMW's current connected-car services. BMW ID brings a new level of personalization to not just one, but all connected BMWs. Finally, there's integration with Microsoft Exchange and Skype.

How Code Vulnerabilities Can Lead to Bad Accidents

via DarkReading: Building a Web application or API with open source components has direct parallels to building a car. Anyone using open source components must be aware that there will be vulnerabilities. And whether you’re building a car or software, your product is only as good as the components you use. Frankly, cars these days are basically software on wheels, but our software supply chain is full of holes.

OEMs Must Shift Gears in Their Approach to Cyber Security

via Automotive World: This blend of new and legacy components means that as the car becomes more connected, its vulnerability to digital attacks grows — and so does the potential damage one can cause.

Safety, Security & Open Source in the Automotive Industry

via Black Duck blog (Fred Bals): Just as lean manufacturing and ISO-9000 practices brought greater agility and quality to the automotive industry, visibility and control over open source will be essential to maintaining the security of automotive software applications.

Managing and Securing Open Source in the Automotive Industry

The High Costs of GDPR Compliance

via DarkReading: When asked where privacy professionals need the most help, complying with data privacy requirements and developing a GDPR plan topped the list at 39%, followed by addressing international data transfers (36%) and meeting regulatory reporting requirements (30%).

FinTech Compliance is Evolving to Safeguard Your Information

via Black Duck blog (Steven Zimmerman): Organizations have begun to address the need for regulatory and compliance standards by targeting FinTech security risks and technology-enabled financial services first, particularly those related to application vulnerabilities.

What Is the CVE and How Does It Work?

via CSO: The Common Vulnerabilities and Exposures (CVE) Program has been cataloging software and firmware vulnerabilities for 18 years. Here’s how it can help you secure your company’s network. 

HIPAA Compliance for the Software You Build

via Black Duck blog (Mike Pittenger): For software and device manufacturers attempting to comply with HIPAA and FDA guidelines, the answers aren’t always easy. Building secure applications and devices requires a new way of thinking about requirements. It also requires a new approach to identifying weaknesses in software and devices that could result in security issues. 
