Software Integrity Blog


Who owns Linux? TRITON attack, app security testing, future of GDPR

Who Owns Linux? TRITON Attack, App Security Testing, Future of GDPR

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, going in-depth into the TRITON attack, why 2018 is the year of open source, how open source is driving both IoT and AI, and a webinar on the 2018 Open Source Rookies of the Year.

Open Source Insight is your weekly news resource for open source security and cyber security news!

Interview with Art Dahnert, Synopsys

via Automobil Elektronik: Video – Art Dahnert, Managing Consultant at Synopsys, talks about the security of open source software and how Black Duck Hub helps.

Building standout projects with the open source community

via Synopsys Software Integrity blog: Developing an open source project can seem daunting at times. Finding time to dedicate to a project can be difficult, and when it finds success, reported issues and proposed changes to review can seem endless. Selecting open source libraries to use is no easier — you must make a choice between multiple options, and short of reviewing the library’s entire codebase, how can you make such a selection (and know you made the right one)? The open source community has answers to these problems by automating many common-sense checks into contributing and providing ways to show summaries of those results to prospective users. 

Why do the vast majority of applications still not undergo security testing?

via Security Week: With the growing use of open source, the amount of code from external sources in any application is rising exponentially. This open source code may contain profound vulnerabilities that immediately become part of your software. Software composition analysis (SCA) detects open source and third-party component risks in development and production. It also identifies potential licensing issues in open source code used in your applications.

Innovation may be outpacing security in cars

via eeNews: Open source use is pervasive across every industry vertical, including the automotive industry. A study conducted in early 2017 by Synopsys’s Center for Open Source Research and Innovation (COSRI) examining findings from the anonymised data of more than 1,000 commercial applications found open source components in 96% of the applications scanned. On average, open source comprised 36% of the code base in these applications. 

Open source projects that break boundaries

via Black Duck by Synopsys: In this webinar on March 22nd, we’ll explore the origins and evolution of this year’s most outstanding Open Source Rookies, who are investing their efforts in everything from Autonomous Driving, through Scalable Blockchain, and VNF Orchestration, to Personal Security and Relationship Management. 

TRITON attack: A failure this time, but still ominous

via Synopsys Software Integrity blog: Yet another cyber-attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses.

GitLab: 2018 is the year for open source and DevOps

via SD Times: DevOps and open source aren’t slowing down anytime soon, a newly released report revealed. GitLab released its 2018 Global Developer Survey on developers’ perception of their workplace, workflow, and tooling within IT organizations. 

The future of GDPR: Compliance beyond the deadline

via Silicon Republic: With a little more than two months until the enforcement date rolls around, many entities are looking at the compliance deadline as just that: a deadline. But that is really only the beginning for GDPR. 

Cybercriminals spotted hiding cryptocurrency mining malware in forked projects on GitHub

via ZDNet: Those behind the campaign are tailoring the Monero cryptojacking malware to use a limited amount of CPU power in order to evade infections being detected.

How open-source software drives IoT and AI

via DZone: One of the most promising emerging developments is the intersection of the IoT and AI. Expect more of this as open source continues to speed development in these exciting technologies.

Who owns Linux?

via Synopsys Software Integrity blog: In October 2017, the plaintiff Patrick McHardy had been successful in obtaining a very broad preliminary injunction covering the entire Linux kernel against Geniatech, the producer of the EyeTV product line.

3 secret reasons you must join us at FLIGHT Amsterdam

via Synopsys Software Integrity blog: Synopsys executives are excited about joining FLIGHT Amsterdam. Not only will our leadership team be on hand to meet with you and discuss Black Duck Hub features and product roadmaps, but there will be a session introducing how Black Duck Hub fits into the ecosystem of Synopsys and all the cool things coming as the companies join forces.

Examining DevSecOps realities and opportunities. Read the 451 Research report.


More by this author