Software Integrity Blog


NIST report on container security, GitLab Developer Report, VW and Audi remote hacks

Software Integrity Insight is your resource for the cyber security and open source security news that made the headlines!

8 takeaways from NIST’s application container security guide

via Synopsys Software Integrity: Chances are, hackers are aware of the growing popularity of containers as well, says technical evangelist Tim Mackey. Which is why we compiled eight takeaways from NIST’s report on container security so you can be proactive about vulnerabilities in your production environment.

GitLab 2018 Global Developer Report

via GitLab: Software professionals collectively recognize the value of working in highly collaborative environments and have experienced the benefits of doing so. While developers and managers are culturally aligned, workflow and tooling roadblocks delay delivery, preventing teams from reaching their maximum potential.

How did an Electron framework flaw put Slack at risk?

via SearchSecurity: An Electron framework flaw put major apps like Slack at risk of remote code execution. What is the flaw and what should be done to safeguard apps from similar vulnerabilities?

Improving government services

via CIOReview: Just in open source, a recent Black Duck by Synopsys analysis of its own KnowledgeBase™ found more than 900 health and medical projects representing 13 percent year-to-year growth, and more than 124 million lines of code, representing 65 percent annualized growth and more than 45,000 staff years of code contribution.

Volkswagen and Audi cars vulnerable to remote hacking

via BleepingComputer: A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking. Daan Keuper and Thijs Alkemade, security researchers with Computest, said they successfully tested their findings and exploit chains on Volkswagen Golf GTE and Audi A3 Sportback e-tron models.

A Wayback Machine for source code

via Undark: Modern digital life relies on layers of shared and dependent code that is, over time, vulnerable to deletions. Will an archive help?

“You’re a tech powerhouse not startup nation”

via Globes: Synopsys is one of the largest and most veteran software companies in the world that you probably have never heard of. It began as a small startup that its founders established after leaving General Electric in 1986. It now has more than 12,000 employees and 100 offices worldwide, including a development center in Herzliya with 140 employees. Synopsys CEO Aart de Geus is visiting Israel to scout out cybersecurity and AI startups.

GDPR requirements prompt new approach to protecting data in motion

via Dark Reading: The EU’s General Data Protection Regulation (GDPR) will take effect on May 25, a response to data breaches and demands for greater oversight relating to security of personal identifiable information (PII). As shown by the recent Equifax and Cambridge Analytica debacles, the risks to PII are real as digital transformation makes all interaction data usable and the Internet of Things (IoT) causes an explosion of new data sources.

Should we open source election software?

via StateScoop: If we do, it should be done with caution, says Tim Mackey, technical evangelist for Black Duck by Synopsys.
