Software Integrity Blog

Author Archive

Fred Bals


Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.


Posts by Fred Bals:


Happy birthday open source and AppSec for 2018

Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical […]

Posted in Data Breach, Open Source Security, Security Standards and Compliance

IoT security, tech due diligence, software security training

A grab bag of open source security and cyber security news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert Bob Martin covering IoT security. Learn how […]

Posted in Agile, CI/CD & DevOps, Internet of Things, Open Source Security, Security Standards and Compliance

When software is the company, tech due diligence is critical

AccessOne CTO Connor Gray knows that tech due diligence is essential in an M&A to learn about the potential security and operational risks from a target’s use of open source.

Posted in Legal, Open Source Security

Open source banking, 2018 CISO Report, GDPR looming

Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.

Posted in Internet of Things, Open Source Security, Security Standards and Compliance

Balancing agility and open source security for DevOps

Lots of DevOps news this week, including why automation is critical for securing code, as well as balancing agility with security needs. Learn how to manage security in GitHub projects with CoPilot from Black Duck Software. Pre-GDPR, Carphone Warehouse gets hit with a £400k fine over a 2015 hack. And why you should think like your […]

Posted in Agile, CI/CD & DevOps, Open Source Security

Meltdown, Spectre security flaws “impact everything”

Welcome to 2018, with two major security flaws revealed that put any computing device with chips from Intel, AMD and ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by […]

Posted in Open Source Security, Software Architecture and Design

Equifax, Apache Struts, and CVE-2017-5638 vulnerability

It’s an all Equifax breach/Apache Struts/CVE-2017-5638 issue of Open Source Insight this week as we examine how an unpatched open source flaw and an apparent lack of diligence exposed sensitive data for over 140 million US consumers. We look at what happened, how you can see if you’ve been affected by the breach, and […]

Posted in Data Breach, Open Source Security

GDPR deadline: Does “appropriate security” include open source risk?

It’s May 25th, 2017, and the GDPR deadline is bearing down on us like an express train. Personal data privacy is the impetus behind the EU General Data Protection Regulation (GDPR), which goes into effect in exactly one year — on May 25th, 2018.

Posted in Open Source Security, Security Standards and Compliance

Open Source 360 Survey, DockerCon 2017, and more on the Cloudera IPO

We’re near the halfway point of April 2017, and the NVD CVE listing for the month already stands at 573 entries. Hot this week is CVE-2017-7605, a medium-high vulnerability affecting the HE-AAC+ v2 library (aka libaacplus).

Posted in Container Security, Open Source Security

Cloudera IPO: Risk for cyber attacks, lawsuits, and loss of IP?

Dave Gershgorn, an AI reporter, published an interesting article on Quartz late last week with the ungainly but click-baitable title, “This open-source tech company’s IPO filing reads like an argument against building a business on open source.”

Posted in Data Breach, Legal