The patch for CVE-2014-0160, better known as Heartbleed, has been available since 2014; however, some applications continue to include vulnerable versions of OpenSSL (versions 1.0.1 through 1.0.1f), keeping Heartbleed among the most dangerous vulnerabilities in the wild, as one local authority in the UK learned.
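The vulnerable range named above (OpenSSL 1.0.1 through 1.0.1f) is easy to check for in an inventory of version banners, and doing so is the kind of process control the story below says was missing. The following Python is an added example, not code from this post or from Black Duck: it parses OpenSSL version strings, orders the letter suffixes correctly (1.0.1 < 1.0.1a < ... < 1.0.1f < 1.0.1g), and flags hosts in the Heartbleed range. The inventory data is constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Range stated in the text: OpenSSL 1.0.1 up to and including 1.0.1f.
# 1.0.1g (April 2014) was the first release with the fix.
VULN_BASE = (1, 0, 1)
LAST_VULN_LETTER = "f"

# Matches banners such as "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.2k".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


class OpenSSLVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    letter: str  # "" for the base release, "a".."z" for point releases


def parse_openssl_version(banner: str) -> Optional[OpenSSLVersion]:
    """Extract the OpenSSL version from a banner; None if no version is present."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return OpenSSLVersion(int(m[1]), int(m[2]), int(m[3]), m[4])


def is_heartbleed_version(banner: str) -> Optional[bool]:
    """True if the banner reports 1.0.1 .. 1.0.1f, False otherwise, None if unparseable.

    Caveat: Linux distributions commonly backport the fix while keeping the
    upstream version number (a patched "1.0.1e" is common), so a match here
    means "needs verification", not "confirmed vulnerable".
    """
    v = parse_openssl_version(banner)
    if v is None:
        return None
    if (v.major, v.minor, v.patch) != VULN_BASE:
        return False
    # Suffix letters sort alphabetically; the empty suffix (base release) sorts first.
    return v.letter <= LAST_VULN_LETTER


def flag_inventory(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames whose reported OpenSSL version is in the vulnerable range."""
    return sorted(host for host, banner in inventory.items()
                  if is_heartbleed_version(banner) is True)


# Constructed sample inventory (hostnames and banners are illustrative only).
SAMPLE_INVENTORY = {
    "web-01.example.test": "OpenSSL 1.0.1e 11 Feb 2013",
    "web-02.example.test": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy.example.test": "OpenSSL 1.0.1 14 Mar 2012",
    "api.example.test": "OpenSSL 1.0.2k 26 Jan 2017",
    "old-lb.example.test": "OpenSSL 0.9.8y 5 Feb 2013",
    "proxy.example.test": "nginx/1.10.3",
}

if __name__ == "__main__":
    for host in flag_inventory(SAMPLE_INVENTORY):
        print(f"{host}: reports {SAMPLE_INVENTORY[host]} - verify patch status")
```

Hosts that match should be confirmed with the vendor's package changelog or a direct test of the heartbeat extension before being counted as exposed, because of the backport caveat noted in the code.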
In other cybersecurity and open source news: Honda shuts down a car plant due to WannaCry. The potential risks of open source are broader than just license compliance. Girl Scouts to offer cybersecurity badges. And even restaurants aren’t safe from malware.
via Reuters: Honda discovered on Sunday that the virus had affected networks across Japan, North America, Europe, China and other regions, a spokeswoman said, despite efforts to secure its systems in mid-May when the virus caused widespread disruption at plants, hospitals and shops worldwide.
via Black Duck blog (Fred Bals): Even though Heartbleed was discovered over three years ago, and IT staff at the council flagged the need to update the software, a patch issued for the software was never applied. Gloucester City Council “did not have sufficient processes in place to ensure its systems had been updated while changes to suppliers were made,” said the entity imposing the £100,000 fine, UK's Information Commissioner's Office (ICO).
via USA TODAY: Girl Scouts of the USA and Palo Alto Networks have announced a collaboration to introduce a series of 18 cybersecurity badges for girls K-12. The badges, which will help Scouts explore opportunities in STEM (science, technology, engineering and math) while building leadership skills, will be available to earn beginning in September 2018.
via TechRepublic: According to a new Black Duck survey, developers can't get enough of open source, ramping up open source adoption by 60% last year. Why the uptick? A whopping 84% cited superior cost savings, ease-of-access, and no vendor lock-in.
via Black Duck blog (Phil Odence): To the extent that tech companies manage open source risks, their primary focus tends to be on reciprocal licenses and the GPL in particular. As I've discussed earlier, the potential risks of open source are broader than just license compliance. Additionally, there are other licenses to consider beyond the GPL. Even permissive licenses deserve a little respect.
via TechBuzzIreland: Black Duck Software has been named a US-Ireland Top 50 Company by The Irish Echo, the USA’s largest and most widely read Irish American weekly. Black Duck was presented with the award honoring 50 major companies with operations in the US and Ireland during the New York/New Belfast Investment Conference at Pier A, Harbor House in New York City.
via Ars Technica: Researchers have detected a brazen attack on restaurants across the United States that uses a relatively new technique to keep its malware undetected by virtually all antivirus products on the market.