Hospital, Medical Devices, Banking, Automotive Cybersecurity

Hospital, Medical Devices, Banking, FinTech, and Automotive Cybersecurity News

A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank UniCredit; two Black Duck executives sharing their views on open source security in video interviews; and why the automotive industry may be close to an iPhone moment.

Hospitals Face Growing Cybersecurity Threats

via NPR: Other industries, like financial services and the federal government, have devoted more than 12 percent of their IT budgets to cybersecurity. Health care averages just half that.

At the same time, the cost of mitigation has soared, with the average breach costing $355 per stolen record for health care organizations.

The Need for Open Source Security in Medical Devices

via ITProPortal: A major driver of the technological revolution in medical devices is software, and that software is built on a core of open source. Black Duck’s 2017 Open Source Security and Risk Analysis (OSSRA) research found that the average commercial application included almost 150 discrete open source components, and that 67 per cent of the over 1000 commercial applications scanned included vulnerable open source components. The analysis made it evident that the use of open source components in commercial applications is pervasive across every industry vertical, including the healthcare industry.

Details of 400,000 Loan Applicants Spilled in UniCredit Bank Breach

via The Register: Italian bank UniCredit admitted on Wednesday that a series of breaches, undetected for nearly a year, exposed the personal data of 400,000 loan applicants. Milan-based UniCredit said that it had closed the breach and informed authorities while embarking on a security audit that will likely tap into at least some of the €2.3bn budget previously allocated towards upgrading and strengthening its IT systems.

UniCredit Bank: Hackers Can Access Data From 400,000 Customers

via WinFuture (Germany): Banks do not appear to be particularly well positioned when it comes to data security in banking apps. In a recent test carried out by the US consumer protection organization OTA, which examined around a thousand websites of various financial services providers, the banks did not perform well. According to the 2017 Open Source Security and Risk Analysis (OSSRA) by Black Duck, an average of 52 open source vulnerabilities could be detected in banking applications.

Symphony Software Foundation Sets Out to Build a New Fintech Innovation Model

via Symphony Foundation: Recent research from Black Duck’s Center for Open Source Research and Innovation (COSRI) shows that between 80 percent and 90 percent of the code in today’s apps is open source. While the audit confirms universal use, it also reveals the ineffectiveness in addressing risks related to open source security vulnerabilities and license compliance challenges.

“This is precisely where our Foundation provides value - by offering a secure and IP compliant, open source developer experience and software supply chain, while maintaining the high productivity typical of modern, open source communities and workflows,” said Peter Monks, VP of technology, Symphony Software Foundation. “After adding OpenShift support, we plan to continue investing in our Open Development Platform (our open source development reference-model), to provide our community with a shared, secure and compliant tool chain that can power open source collaboration.”

Open Source Security for Financial Services & FinTech

Live from Black Hat USA 2017: Interview with Mike Pittenger of Black Duck Software

via Security Guy TV: Black Duck VP of Security Strategy Mike Pittenger talks open source security, IoT and more with Security Guy TV from the Black Hat 2017 show floor.

At Black Hat Conference, Good Guy Hackers Have a Bleak View of U.S. Cybersecurity

According to the Identity Theft Resource Center, the number of U.S. data breaches so far this year hit a half-year record of 791, which is 29 percent higher than at this time last year.

Amid those figures, experts seem to have a bleak view of the state of information security. A survey of the top leaders at the Black Hat conference found 60 percent believe a successful cyberattack on U.S. critical infrastructure will likely occur in the next two years.

Black Duck CMO: 'DevOps Is Speeding Up The Way We Bring Applications To Market'

via CRNtv: CRNtv spoke with Black Duck CMO Bob Canaway about the company's recent collaboration with Pivotal Cloud Foundry. Black Duck is now a tile – a fully integrated installation package – on the Pivotal Network, enabling the company to secure and manage open source code for enterprise customers.

Is the Automotive Industry Reaching an iPhone Moment?

via Black Duck blog (Rob Hawkins): We are rapidly approaching the "iPhone moment" for the automotive industry. The vehicle will be the next mobile application platform, and those applications are going to be built on a foundation of open source components. If the explosion in mobile application development that has taken place in the last decade is any indicator, we are going to see both an unprecedented rate of innovation in the automotive industry as well as a proliferation of companies developing software specifically for "connected" vehicles.
