Who Owns Linux? TRITON Attack, App Security Testing, Future of GDPR

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, an in-depth look at the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI; and a webinar on the 2018 Open Source Rookies of the Year.

Open Source Insight is your weekly news resource for open source security and cybersecurity news!

Interview with Art Dahnert, Synopsys 

via Automobil Elektronik: Video - Art Dahnert, Managing Consultant at Synopsys, talks about the security of open source software and how Black Duck's software helps.

Building standout projects with the open source community

via Black Duck blog: Developing an open source project can seem daunting at times. Finding time to dedicate to a project can be difficult, and when it finds success, reported issues and proposed changes to review can seem endless. Selecting open source libraries to use is no easier — you must make a choice between multiple options, and short of reviewing the library’s entire codebase, how can you make such a selection (and know you made the right one)? The open source community has answers to these problems by automating many common-sense checks into contributing and providing ways to show summaries of those results to prospective users. 

Why do the vast majority of applications still not undergo security testing?

via Security Week: With the growing use of open source, the amount of code from external sources in any application is rising exponentially. This open source code may contain profound vulnerabilities that immediately become part of your software. Software composition analysis (SCA) detects open source and third-party component risks in development and production. It also identifies potential licensing issues in open source code used in your applications.

Innovation may be outpacing security in cars

via eeNews: Open source use is pervasive across every industry vertical, including the automotive industry. A study conducted in early 2017 by Black Duck’s Center for Open Source Research and Innovation (COSRI) examining findings from the anonymised data of more than 1,000 commercial applications found open source components in 96% of the applications scanned. On average, open source comprised 36% of the code base in these applications. 

2017 Open Source Security and Risk Analysis Report

Open source projects that break boundaries

via Black Duck: In this webinar on March 22nd, we'll explore the origins and evolution of this year's most outstanding Open Source Rookies, who are investing their efforts in everything from Autonomous Driving, through Scalable Blockchain, and VNF Orchestration, to Personal Security and Relationship Management. 

TRITON attack: A failure this time, but still ominous

via Synopsys Software Integrity blog: Yet another cyber-attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses.

GitLab: 2018 is the year for open source and DevOps

via SD Times: DevOps and open source aren’t slowing down anytime soon, a newly released report revealed. GitLab released its 2018 Global Developer Survey on developers’ perception of their workplace, workflow, and tooling within IT organizations. 

The future of GDPR: Compliance beyond the deadline

via Silicon Republic: With a little more than two months until the enforcement date rolls around, many entities are looking at the compliance deadline as just that: a deadline. But that is really only the beginning for GDPR. 

Cybercriminals spotted hiding cryptocurrency mining malware in forked projects on GitHub

via ZDNet: Those behind the campaign are tailoring the Monero cryptojacking malware to use a limited amount of CPU power in order to keep infections from being detected.

How open-source software drives IoT and AI

via DZone: One of the most promising emerging developments is the intersection of the IoT and AI. Expect more of this as open source continues to speed development in these exciting technologies.

Who owns Linux?

via Black Duck blog: In October 2017, the plaintiff Patrick McHardy (see the previous post) had been successful in obtaining a very broad preliminary injunction covering the entire Linux kernel against Geniatech, the producer of the EyeTV product line. 

3 secret reasons you must join us at FLIGHT Amsterdam

via Synopsys Software Integrity blog: Synopsys executives are excited about joining FLIGHT Amsterdam. Not only will our leadership team be on hand to meet with you and discuss Black Duck Hub features and product roadmaps, but there will be a session introducing how Black Duck fits into the ecosystem of Synopsys and all the cool things coming as the companies join forces.
