Software Integrity Blog


IoT security, tech due diligence, software security training


A grab bag of open source security and cyber security news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert Bob Martin covering IoT security. Learn how open source tech due diligence helped one company close a deal securely. Should Privacy Day be renamed to Lack of Privacy Day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.

Is the BSD OS dying? Some security researchers think so

via CSO: Too few eyeballs on code is a security issue, as vulnerabilities go unreported and unpatched. Can FreeBSD, OpenBSD, and NetBSD survive?

Duck Talks: 20 billion reasons for IoT security

via Synopsys Software Integrity blog (video): Bob Martin from MITRE is a leading expert on Internet of Things security. His presentation “20 Billion Reasons for IoT Security” covered a range of topics around IoT security. He sat down with us at FLIGHT to discuss how we should be thinking about IoT, what security concerns might surface as these industries evolve, and how to manage the risks appropriately.

What does DevOps do in 2018?

via Infosecurity: Open source will continue to drive healthy competition. The days when companies were afraid of using open source software are pretty much long gone now. Almost every recent successful online business has been built on top of freely available software.

When good containers go bad

via Sysbus (Germany): Data center operators face challenges in terms of infrastructure complexity and application speed, while at the same time addressing compliance with global governance regulations, such as the General Data Protection Regulation (GDPR).

When software is the company, tech due diligence is critical

via Synopsys Software Integrity blog: The need to understand open source risk in a recent acquisition was the driver for the leading provider of patient medical financing options, AccessOne, to reach out to Black Duck by Synopsys for an open source code audit.

Connected vehicles: Could open source software pose cyber security risks?

via Software Testing News: Vehicle manufacturers need to adopt a cyber security approach that addresses not only the obvious exposures in their cars' software but also the hidden vulnerabilities that open source components in that software can introduce.

Privacy still an uphill climb on Data Privacy Day

via Synopsys Software Integrity blog: You could make a pretty solid case that a decade later, this year’s observance, on Sunday, ought to be called Lack of Privacy Day. That’s even with the looming implementation in May of the General Data Protection Regulation (GDPR) by the European Union—a move toward privacy protections explained in detail by Synopsys security consultant Stephen Gardner in a blog post earlier this month.

GDPR: Deadline looms but businesses still aren’t ready

via ZDNet: The UK government is warning organisations that they must prepare for new data protection laws now—or face the consequences when they come into force.

The 6 biggest challenges facing DevOps

via InformationWeek: The DevOps field now embraces millions of software developers and entrepreneurs who have adjusted their teams and core philosophies to fall in line with the DevOps vision. However, these guiding principles are still evolving, and if you want to remain relevant and agile in 2018, you’ll need to evolve with them.

Infographic: A lack of software security training puts companies at risk

via Synopsys Software Integrity blog: An old proverb states that if you give a man a fish, you feed him for a day, but if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb. The majority of developers don’t come equipped with security skills. In fact, 95% of software security bugs are caused by just 19 programming flaws. And yet, only 2.8% of undergraduate computer science programs require a security course.
