Software Integrity Blog


OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up.

Software Integrity Insight is your resource on the cyber security and open source security news that made headlines this week!

Announcing OpsSight Container Security 2.0 GA

via Synopsys Software Integrity: Today we are announcing OpsSight 2.0. This new version has the same important security features as its older brother but has been re-architected to better scale and maintain support for the latest and greatest in container orchestration, like OpenShift Container Platform 3.9 and Kubernetes 1.10.

Hackers target flaws affecting a million internet-exposed routers

via Security Week: Just a few days after they were disclosed, malicious actors started targeting a couple of flaws affecting routers made by South Korea-based Dasan Networks. There are roughly one million potentially vulnerable devices accessible directly from the Internet.

Abbott addresses life-threatening flaw in a half-million pacemakers

via Threatpost: Abbott (formerly St. Jude Medical) has released another upgrade to the firmware installed on certain implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy defibrillator (CRT-D) devices. The update will strengthen the devices’ protection against unauthorized access, as the provider said in a statement on its website: “It is intended to prevent anyone other than your doctor from changing your device settings.”

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

via Synopsys Software Integrity: How do I manage false positives? How do I triage the results? What happens to new issues identified? My scan takes 4–5 hours to complete. How can I use this tool in my DevSecOps pipeline? If these are the questions you are asking, and you’re concerned about integrating a SAST tool into your DevSecOps pipeline, read on.

Thousands of companies are still downloading the vulnerability that wrecked Equifax

via Fortune: When the news emerged that Equifax had succumbed to a colossal data breach from mid-May through July of last year, consumers were livid—in part because the ransacking was entirely preventable. In the year since, thousands of companies have continued to introduce the same security holes into their computer networks. As many as 10,801 organizations—including 57% of the Fortune Global 100—have downloaded known-to-be-vulnerable versions of Apache Struts, the popular, open source software package that attackers targeted to loot Equifax.

We’re a 2018 NEVY Awards finalist for Cybersecurity Company of the Year

via Synopsys Software Integrity: New England is a crowded space when it comes to cyber security, technology, and innovation, which is why we’re so honored to be named a finalist for the Cybersecurity Company of the Year Award in the 2018 NEVY Awards, hosted by the New England Venture Capital Association (NEVCA) and presented by Bristol-Myers Squibb.

As Kubernetes grows, a startup ecosystem develops in its wake

via TechCrunch: Kubernetes, the open source container orchestration tool, came out of Google several years ago and has gained traction amazingly fast. With each step in its growth, it has created opportunities for companies to develop businesses on top of the open source project.

How West Virginia is trying to build hacker-proof voting

via New York Times: “See, right here, a Canadian IP address is trying to go into online voter registration,” said the West Virginia Air National Guard sergeant who was tracking the would-be intruders, pointing at the screen. “Here’s someone from Great Britain trying to do the same. China is trying to get into the home page—trying to, but they’re getting blocked.”

Employees post passwords online, hacking tool grants access to DVRs, and blockchain

via Synopsys Software Integrity (video): Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode.

