Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictions for 2018 Fred Bals | Senior Content Writer/Editor

Cybersecurity News This Week

We’re winding up 2017 with the leading security stories of the year, as well as what 2018 might bring in terms of open source and cybersecurity. Several Black Duck and Synopsys bloggers weigh in with articles ranging from the need for SCA (software composition analysis), through how developers can navigate the sometimes stormy seas of software security, to addressing the issues of open source in tech contracts.

From Black Duck Software and Synopsys, we wish you a happy holiday season and will see you again in 2018!

Open Source News

• Top 10 IT Security Stories of 2017

• WHOIS The First Casualty Of GDPR?

• Synopsys: Going the Distance with Open Source Vulnerabilities

• Red Hat's Strong Results Fail to Impress Scrooge-ish Investors

• Top Security Breaches of 2017 (+2018 Cyber Security Predictions)

More Open Source News

• 2018 AI/ML Predictions (Part 2)

• Infographic: Set the Course for Developers to Navigate Software Security

• Web Services Security: Providers and Consumers of APIs

• How Do You Address the Complexity of Open Source in Tech Contracts?

• Container Adoption by the Numbers

Top 10 IT Security Stories of 2017

via Computer Weekly: Another new and growing security challenge facing organisations is security flaws in open source code that is incorporated into software used by the enterprise. An analysis of more than 1,000 applications by Black Duck’s Centre for Open Source Research and Innovation (COSRI) revealed that 96% of applications across all industry sectors contained open source and a large proportion were vulnerable to open source security issues. Overall, 60% of the applications audited contained high-risk vulnerabilities. The retail and e-commerce industry had the highest proportion of applications with high-risk open source vulnerabilities, with 83% of audited applications containing high-risk vulnerabilities.

WHOIS The First Casualty Of GDPR?

via Forbes: On May 25, 2018 the swarm will wash over us and it will be an unfortunate event for those organizations who did not get out in front of the issues that this works to resolve. To recap from my earlier article about this, GDPR is a concerted effort to bring all of the privacy regulations in Europe under a single standard bearer.

Synopsys: Going the Distance with Open Source Vulnerabilities

via Computer Weekly (Jim Ivers): With an SCA tool, you would be able to quickly scan the information repository and know where vulnerabilities were used, and additional information about the version. Furthermore, anyone who tried to use the offending version of Apache Struts after the vulnerability was disclosed should get a warning about that vulnerability from the SCA tool, so the problem is addressed before the code is deployed.

Red Hat's Strong Results Fail to Impress Scrooge-ish Investors

via SiliconANGLE News: “By any measure, the price drop wasn’t extreme and shareholders should be pleased by Red Hat’s more-than-solid performance.”

Top Security Breaches of 2017 (+2018 Cyber Security Predictions)

via Synopsys Software Integrity blog: The number of publicly disclosed vulnerabilities in 2017 far exceeds the number from any previous year. Below is a graph generated by the National Vulnerability Database that shows the number of publicly disclosed vulnerabilities by year…

2018 AI/ML Predictions (Part 2)

via DZone: Patrick Carey, VP of Product Marketing, Black Duck Software

Machine learning use will increase exponentially, powered by open-source projects like Amazon DSSTNE (pronounced “Destiny”). “If you want your project to grow, making the code open-source will ensure its development,” says Amazon as it gives away DSSTNE, an open-source machine learning framework, developed initially to power its product recommendation systems. Because of frameworks like this being released as open-source, organizations will continually find more use for machine learning, from analyzing network traffic for malicious code and actors to improved diagnostics in medicine.

Infographic: Set the Course for Developers to Navigate Software Security

via Synopsys Software Integrity blog: Security is essential to software development, and security concerns have moved far beyond “check the box.” View this infographic to learn what developers need most in a software security tool.

Web Services Security: Providers and Consumers of APIs

via Black Duck blog: In my previous posts, I've highlighted the importance and challenges of web services. This time I want to focus on web services security. The primary challenge is that it’s difficult to control the flow of data that goes through APIs. For this reason, organizations need to have fixed policies around data provided through APIs. Organizations are adopting two basic data security solutions to effectively utilize the power of APIs without sacrificing security and privacy…

How Do You Address the Complexity of Open Source in Tech Contracts?

via Black Duck blog: Many of the code bases Black Duck audited this year comprised more than half open source. Combine that with the fact that most companies don’t track or manage it very well, and you have a concerning basis for a range of risks. Black Duck educational materials often connect the dots to the implications for software development and M&A due diligence, but open source risks are an issue worthy of attention in any contract negotiation involving software.

Container Adoption by the Numbers

via Black Duck blog: With a far smaller computing footprint, containers are simple and nimble—eliminating the need for IT Operations and DevOps teams to worry about underlying architecture when they deploy applications. As a result of their simplicity, 73% of companies who use containers indicate a more consistent deployment process. The most common sentiment towards containers in this survey indicated that they play a key role in organizations’ DevOps strategy, likely due to the ability to deploy consistently and with agility.
