Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam.
It’s hard to think of a better security concept than the CVE (Common Vulnerabilities and Exposures) program. It amounts to crowdsourcing security.
Posted in Software Architecture and Design | Comments Off on Closing the CVE gap still a work in progress
In this week’s open source security and cyber security news: Free software comes with a price. Learn how a PE firm wraps open source due diligence into its tech investing. The SEC provides guidance on public cyber security. The Defense Department (re)launches its open source portal. A look at cyber security through the (virtual) lens of video gaming. What you need to know to be a DPO. And what’s up with the National Vulnerability Database?
The image below is what you saw if you search the National Vulnerability Database (NVD) on February 16. As you can see, vulnerabilities are being added on a daily basis. The far right column, however, is blank. None of the vulnerabilities are being scored using NIST’s Common Vulnerability Scoring System (CVSS).
Posted in Software Architecture and Design | Comments Off on What’s happening with the National Vulnerability Database?
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck OpsSight brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.
This week we released a new version of Black Duck OpsSight, a solution for vulnerability detection and alerting in production environments. When we introduced Black Duck OpsSight for OpenShift in November, we made it possible for customers who use Black Duck Hub as an integral part of their SDLC security process to also monitor the open source security of their application deployment environments.
A relatively new Internet of Things (IoT) botnet took its time going viral – it even disappeared for 10 days – but once it got back in gear, it spread worldwide in a matter of days.
For data breaches, 2017 was (no drum roll, please)…The. Worst. Year. Ever.
Performing threat modeling is a difficult and expensive undertaking for most firms. And, understandably. Traditionally, threat modeling requires an experienced security architect with knowledge in three fundamental areas.
Posted in Software Architecture and Design | Comments Off on Learn how to scale threat modeling with a pattern-based strategy
Welcome to 2018, with two major security flaws revealed that makes any computer device that has chips from Intel, AMD and ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”