Open Source & Secure Voting, GDPR & Compliancy, #NUGATE & Flash

Our vulnerability of the week is more than five years old, but CVE-2011-4109, a high-severity vulnerability in OpenSSL, was back in the news as a researcher used it to break into a voting machine at DEF CON 25. The lesson is less about the bug itself than about the fact that a fix released in early 2012 (OpenSSL 0.9.8s and 1.0.0f) had never reached equipment still in service.

Is open source the magic bullet for secure voting? You’ll find contrasting opinions in this week’s Open Source Insight, as well as news and opinion on the bad habits cybersecurity pros need to break, whether Flash should be open sourced, compliance with the GDPR, and the so-called #nugate scandal.

Read on for all the open source security and cybersecurity fit to print…

Can Open Source Software Secure Voting?

via Black Duck blog (Fred Bals): At this year’s DEF CON 25 it took white hat hackers only a few hours to break into five different voting machines. One researcher cracked an Express Pollbook system within two minutes via CVE-2011-4109, a vulnerability in OpenSSL, the open source library that hundreds of thousands of applications rely on to secure their communications.

Is the Path to Secure Elections Paved With Open Source Code?

via Linux Insider: Former CIA Director R. James Woolsey and Bash creator Brian J. Fox made their case for open source election software after security researchers demonstrated how easily some election machines could be cracked in the Voting Machine Hacking Village at the recent DEF CON hacking conference in Las Vegas.

10 Bad Habits Cybersecurity Professionals Must Break

via TechRepublic: #7 - Not patching immediately

Companies often spend thousands of dollars on security products, only to have them bypassed by something as simple as a security patch that was not applied right away.

Could Open Sourcing Adobe Flash Preserve Internet History?

via Black Duck blog (Haidee LeClair): There have been over 1,000 vulnerabilities in Adobe Flash Player since 2005 (when Adobe acquired Macromedia), and they tend to carry fairly high CVSS scores. Considering how dominant Flash has been in online multimedia content, these security issues have been a concern for an eternity in internet time.

Healthcare Is Turning a Corner on Cybersecurity, New HIMSS Research Shows

via Healthcare IT News: The sector is now making security a top priority: hiring CISOs and undertaking threat management and penetration testing, all of which are more important than ever.

The GDPR & Open Source Security Management

via Info Security: Many organisations don’t pay sufficient attention to the security exposures created by vulnerable open source components, and may not even be aware these exposures exist. In Black Duck’s most recent analysis of more than 1,000 commercial applications, known open source vulnerabilities were found in over 65 percent of those applications. Download this paper to find out more.


Think You’re Compliant with GDPR? The Research Says Otherwise

via Comms Trader: Classification-based, automated, policy-driven approaches to GDPR are essential to success and should help organisations meet the regulation’s demands before the impending deadline.

Malicious Code in the Node.js npm Registry Shakes Open Source Trust Model

via CSO: Bad actors using typo-squatting placed 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?
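Typo-squatting works because a package whose name differs from a popular one by a single keystroke, or by a dropped hyphen, is installed without anyone looking twice. The check below is an added example, not code from the CSO article or from npm itself: it scans a package.json for dependency names within one edit (including adjacent-character swaps and separator games such as "cross-env" versus "crossenv") of a short list of well-known names. Both the POPULAR list and the sample manifest are constructed for illustration; in practice the list would be fed from registry download statistics.

```javascript
// Added example: flag dependency names that look like typo-squats of well-known packages.
// Not code from the CSO article or from npm. POPULAR and SAMPLE_PACKAGE_JSON are constructed.

const POPULAR = ['lodash', 'express', 'cross-env', 'request', 'chalk', 'commander', 'debug', 'mongoose'];

// Canonicalise a name the way a careless typist collapses it: lower-case, drop any
// @scope/ prefix, strip separators, so "cross-env" and "crossenv" become identical.
function canonical(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, '').replace(/[-_.]/g, '');
}

// Optimal string alignment distance: insertion, deletion, substitution and
// transposition of two adjacent characters each cost 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // adjacent swap
      }
    }
  }
  return d[a.length][b.length];
}

// Return the popular package a name is suspiciously close to, or null.
// An exact match is the real thing; distance 0 after canonicalisation (separator
// or scope tricks) or distance 1 (one typo or one swapped pair) is flagged.
function suspectedTarget(name, popular = POPULAR) {
  if (popular.includes(name)) return null;
  const c = canonical(name);
  let best = null;
  for (const p of popular) {
    const dist = editDistance(c, canonical(p));
    if (dist <= 1 && (best === null || dist < best.distance)) best = { target: p, distance: dist };
  }
  return best ? best.target : null;
}

// Scan the dependency sections of an already-parsed package.json object.
function scanPackageJson(pkg, popular = POPULAR) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const name of Object.keys(pkg[section] || {})) {
      const target = suspectedTarget(name, popular);
      if (target) findings.push({ name, lookalike: target, section });
    }
  }
  return findings;
}

// Constructed sample manifest (not a real project): two legitimate deps, three look-alikes.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { lodash: '^4.17.4', crossenv: '^5.0.0', expres: '^4.15.0' },
  devDependencies: { chlak: '^2.0.0', debug: '^3.0.0' },
};

for (const f of scanPackageJson(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.section}: "${f.name}" looks like "${f.lookalike}"`);
}
```

A hit is a prompt to look at the package's publisher, publish date and install scripts, not proof of malice; short names will produce false positives, which is why the threshold is kept at a single edit and the popular list should stay small and curated.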

#Nugate and the Reality of (Commercial) Open Source

via Black Duck blog (Yev Bronshteyn): Let's be blunt. Richard Stallman's utopian vision of open source is dead. Code is no longer contributed to open source to grant some freedom that has been ordained an inalienable human right by reason and providence. 
