Big news for Open Source Insight’s publisher as electronic design automation (EDA) and semiconductor IP company, Synopsys, announced its intention to acquire Black Duck Software to extend the firm's product offerings into open source security. This week’s newsletter includes an open letter from Black Duck CEO Lou Shipley on why the Synopsys/Black Duck deal makes sense for both sides as well as for Black Duck customers, partners and employees.
In other open source security and cybersecurity news: Black Duck data scientist Nathan (Yiming) Zhang looks at the ongoing race between hackers and the NVD. Technology evangelist Tim Mackey explains why good containers (sometimes) go bad. Steven Zimmerman shares insights from his recent visit to the Automotive Cybersecurity Summit. Plus, a look into why the future of cybersecurity hangs on automation.
via Synopsys press release: Synopsys, Inc. (Nasdaq: SNPS) and Black Duck Software, Inc. have signed a definitive agreement for Synopsys to acquire privately held Black Duck, a leader in automated solutions for securing and managing open source software. The addition of Black Duck's highly respected Software Composition Analysis solution will enhance Synopsys' efforts in the software security market by broadening its product offering and expanding its customer reach.
via Black Duck blog (Lou Shipley): Saying “yes” is in the best interests of our customers, who will have access to a wider array of security solutions from a single trusted vendor; in the best interests of our large and patient investors who funded Black Duck in its earliest days more than a decade ago; and in the best interests of our individual shareholders, the majority of whom are employees.
via Computer Weekly: Black Duck Software technology evangelist Tim Mackey explains why you need to understand what information attackers use to design their attacks when defending against attack at scale.
via Security Boulevard: Criminals are expected to try and hijack customer and employee accounts, break into online platforms through code vulnerabilities and launch distributed denial-of-service attacks against shopping websites.
via Black Duck blog (Steven Zimmerman): And then I saw an autonomous vehicle slowing to a stop at a traffic light, turn signal blinking and LIDAR emitter twirling, with a driver sipping coffee and eating a pastry behind the wheel, and realized I was observing the natural extension of the software-enabled trek I’d just completed to the 2017 Automotive Cybersecurity Summit.
via Tech Target: Two senators introduced a bipartisan election security bill called the SAVE Act, which aims to improve voting infrastructure and harden state systems against attack.
via Data Center Knowledge: The open source file sharing project scanned the web to find numerous vulnerable and unpatched instances of its software on critical websites.
via CSO Online: Vendors are adding open source capabilities to their tools to add much needed IT infrastructure flexibility. The more tools and devices organizations add to their IT infrastructure, the more unique an ecosystem becomes. That is why open source fits more complex environments.
via Black Duck blog (Nathan (Yiming) Zhang): Regardless of how long it takes for NVD to process a CVE after first disclosure in other sources, there is a 76.19% chance that an exploit will be publicly available days earlier.