Posted by Fred Bals on May 14, 2018
Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up.
Software Integrity Insight is your resource on the cyber security and open source security news that made headlines this week!
via Synopsys Software Integrity: Today we are announcing OpsSight 2.0. This new version has the same important security features as its older brother but has been re-architected to better scale and maintain support for the latest and greatest in container orchestration, like OpenShift Container Platform 3.9 and Kubernetes 1.10.
via Security Week: Just a few days after they were disclosed, malicious actors started targeting a couple of flaws affecting routers made by South Korea-based Dasan Networks. There are roughly one million potentially vulnerable devices accessible directly from the Internet.
via Threatpost: Abbott (formerly St. Jude Medical) has released another upgrade to the firmware installed on certain implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy defibrillator (CRT-D) devices. The update will strengthen the devices’ protection against unauthorized access, as the provider said in a statement on its website: “It is intended to prevent anyone other than your doctor from changing your device settings.”
via Synopsys Software Integrity: How do I manage false positives? How do I triage the results? What happens to new issues identified? My scan takes 4–5 hours to complete. How can I use this tool in my DevSecOps pipeline? If these are the questions you are asking, and you’re concerned about integrating a SAST tool into your DevSecOps pipeline, read on.
via Fortune: When the news emerged that Equifax had succumbed to a colossal data breach from mid-May through July of last year, consumers were livid—in part because the ransacking was entirely preventable. In the year since, thousands of companies have continued to introduce the same security holes into their computer networks. As many as 10,801 organizations—including 57% of the Fortune Global 100—have downloaded known-to-be-vulnerable versions of Apache Struts, the popular, open source software package that attackers targeted to loot Equifax.
via Synopsys Software Integrity: New England is a crowded space when it comes to cyber security, technology, and innovation, which is why we’re so honored to be named a finalist for the Cybersecurity Company of the Year Award in the 2018 NEVY Awards, hosted by the New England Venture Capital Association (NEVCA) and presented by Bristol-Myers Squibb.
via TechCrunch: Kubernetes, the open source container orchestration tool, came out of Google several years ago and has gained traction amazingly fast. With each step in its growth, it has created opportunities for companies to develop businesses on top of the open source project.
via New York Times: “See, right here, a Canadian IP address is trying to go into online voter registration,” said the West Virginia Air National Guard sergeant who was tracking the would-be intruders, pointing at the screen. “Here’s someone from Great Britain trying to do the same. China is trying to get into the home page—trying to, but they’re getting blocked.”
via Synopsys Software Integrity (video): Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode.