Posted by Fred Bals on January 26, 2018
A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin, covering IoT security. Learn how open source tech due diligence helped one company close a deal securely. Should “Privacy Day” be renamed to “Lack of Privacy” day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.
via CSO: Too few eyeballs on code is a security issue as vulnerabilities go unreported and unpatched. Can FreeBSD, OpenBSD, and NetBSD survive?
via Synopsys Software Integrity blog (video): Bob Martin from MITRE is a leading expert on Internet of Things security. His presentation “20 Billion Reasons for IoT Security” covered a range of topics around IoT security. He sat down with us at FLIGHT to discuss how we should be thinking about IoT, what security concerns might surface as these industries evolve, and how to manage the risks appropriately.
via InfoSecurity: Open source will continue to drive healthy competition. The days when companies were afraid of using open source software are pretty much long gone now. Almost every recent successful online business has been built on top of freely available software.
via Sysbus (Germany): Data center operators face challenges in terms of infrastructure complexity and application speed, while at the same time addressing compliance with global governance regulations, such as the General Data Protection Regulation (GDPR).
via Synopsys Software Integrity blog: The need to understand open source risk in a recent acquisition was the driver for the leading provider of patient medical financing options, AccessOne, to reach out to Black Duck by Synopsys for an open source code audit.
via Software Testing News: Vehicle manufacturers need to adopt a cyber security approach that addresses not only the obvious exposures in their cars’ software but also the hidden vulnerabilities that could be introduced by open source components in that software.
via Synopsys Software Integrity blog: You could make a pretty solid case that a decade later, this year’s observance, on Sunday, ought to be called Lack of Privacy Day. That’s even with the looming implementation in May of the General Data Protection Regulation (GDPR) by the European Union — a move toward privacy protections explained in detail by Synopsys security consultant Stephen Gardner in a blog post earlier this month.
via ZDNet: The UK government is warning organisations that they must prepare for new data protection laws now — or face the consequences when they come into force.
via InformationWeek: The DevOps field now embraces millions of software developers and entrepreneurs who have adjusted their teams and core philosophies to fall in line with the DevOps vision. However, these guiding principles are still evolving, and if you want to remain relevant and agile in 2018, you’ll need to evolve with them.
via Synopsys Software Integrity blog: An old proverb states that if you give a man a fish, you feed him for a day; but if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb. The majority of developers don’t come equipped with security skills. In fact, 95% of software security bugs are caused by just 19 programming flaws. And yet, only 2.8% of undergraduate computer science programs require a security course.