Software Integrity Insight is your resource on the cybersecurity and open source security news that made the headlines!
Wednesday, RSA 2018: On any given day, there are more than 150 sessions to choose from here. Good luck getting to even 5% of those. The good news is that attendees can get access to most of the sessions they missed after the fact, since the slide presentations are posted and videos are made of just about every one. So you can keep “attending” for months to come. But from a small slice of it in real time: It didn’t get nearly as much buzz as the keynote from Monica Lewinsky of Bill-Clinton-and-blue-dress fame, but the message was still powerful: Behavioral analytics is changing the world of security.
How do you find vulnerabilities and issues in Bluetooth-enabled devices? One of our favorite methods is fuzzing. Learn how to fuzz test Bluetooth car kits.
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news, including the latest on the Atlanta ransomware attack.
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, going in-depth into the TRITON attack, why 2018 is the year of open source, how open source is driving both IoT and AI, and a webinar on the 2018 Open Source Rookies of the Year.
From the post “Who owns Linux? TRITON attack, app security testing, future of GDPR”
The auto industry constantly debuts new entertainment and safety features, but how secure is connected car software? How do you build in connected car security?
From the post “What’s under your hood? Connected car security and you”
Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend and weekday editions of this course were sold out.
From the post “Are there ever legitimate reasons for hacking a car?”
Fiat Chrysler Automobiles (FCA) announced recently that it was recalling 7,802 Dodge Challengers to “update transmission software,” in response to vehicle movement (“rolling”) after drivers shifted into park. While 7,802 pales compared to the 811,000 recalled for inadvertent “rolling” last year, the concept of pulling cars away from customers for a software upgrade is beginning to catch broader attention. Investment banking firm Stout Risius Ross reported that software issues accounted for 15% of total recalls in 2015, up from 5% in 2011.

Big business, big investment

Minimizing recalls, which overall totaled more than $900M for General Motors (GM) alone in 2016, would be a significant cost-saving opportunity. One remedy for software-related recalls is Over the Air (OTA) updates, which would eliminate the need to bring vehicles into dealerships for software updates and allow data-driven improvements to minimize maintenance. According to IHS Markit, OTA updates could save the global automotive industry more than $35B by 2022.
From the post “OTA updates driving connected car revolution?”
Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to bolt them onto a product later, because quality and security are deep and pervasive characteristics. As such, it is advisable to begin with a solid architecture and robust code from the start.

Robust software for better quality and security

Coding guidelines can help in developing robust code that is portable, safe to run in high-assurance systems, and secure against common code exploits. Motivated by these insights, the Motor Industry Software Reliability Association (MISRA) has published a range of reports, recommendations, and guidelines to ensure the development of safe and secure software. The most prominent are MISRA’s guidelines for the development of C and C++ projects. These include the MISRA C 2004, MISRA C++ 2008, and MISRA C 2012 standards.
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about automotive software security and the future of connected cars.