Posted by Fred Bals on March 16, 2018
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, going in-depth into the TRITON attack, why 2018 is the year of open source, how open source is driving both IoT and AI, and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cyber security news!
via Automobil Elektronik: Video – Art Dahnert, Managing Consultant at Synopsys, talks about the security of open source software and how Black Duck Hub helps.
via Synopsys Software Integrity blog: Developing an open source project can seem daunting at times. Finding time to dedicate to a project can be difficult, and when it finds success, reported issues and proposed changes to review can seem endless. Selecting open source libraries to use is no easier — you must make a choice between multiple options, and short of reviewing the library’s entire codebase, how can you make such a selection (and know you made the right one)? The open source community has answers to these problems by automating many common-sense checks into contributing and providing ways to show summaries of those results to prospective users.
via Security Week: With the growing use of open source, the amount of code from external sources in any application is rising exponentially. This open source code may contain profound vulnerabilities that immediately become part of your software. Software composition analysis (SCA) detects open source and third-party component risks in development and production. It also identifies potential licensing issues in open source code used in your applications.
via eeNews: Open source use is pervasive across every industry vertical, including the automotive industry. A study conducted in early 2017 by Synopsys’s Center for Open Source Research and Innovation (COSRI) examining findings from the anonymised data of more than 1,000 commercial applications found open source components in 96% of the applications scanned. On average, open source comprised 36% of the code base in these applications.
via Black Duck by Synopsys: In this webinar on March 22nd, we’ll explore the origins and evolution of this year’s most outstanding Open Source Rookies, who are investing their efforts in everything from Autonomous Driving, through Scalable Blockchain, and VNF Orchestration, to Personal Security and Relationship Management.
via Synopsys Software Integrity blog: Yet another cyber-attack on a critical infrastructure installation ought to send yet another warning to operators of industrial control systems (ICS) that it is long past time to, as they say, harden their defenses.
via SD Times: DevOps and open source aren’t slowing down anytime soon, a newly released report revealed. GitLab released its 2018 Global Developer Survey on developers’ perception of their workplace, workflow, and tooling within IT organizations.
via Silicon Republic: With a little more than two months until the enforcement date rolls around, many entities are looking at the compliance deadline as just that: a deadline. But that is really only the beginning for GDPR.
via ZDNet: Those behind the campaign are tailoring the Monero cryptojacking malware to use a limited amount of CPU power in order to evade infections being detected.
via DZone: One of the most promising emerging developments is the intersection of the IoT and AI. Expect more of this as open source continues to speed development in these exciting technologies.
via Synopsys Software Integrity blog: In October 2017, the plaintiff Patrick McHardy had been successful in obtaining a very broad preliminary injunction covering the entire Linux kernel against Geniatech, the producer of the EyeTV product line.
via Synopsys Software Integrity blog: Synopsys executives are excited about joining FLIGHT Amsterdam. Not only will our leadership team be on hand to meet with you and discuss Black Duck Hub features and product roadmaps, but there will be a session introducing how Black Duck Hub fits into the ecosystem of Synopsys and all the cool things coming as the companies join forces.
Get the latest Software Integrity news, thought leadership, and more.