Open Source Insight: Banking and Open Source, 2018 CISO Report, GDPR Looming
Fred Bals | Senior Content Writer/Editor
Cybersecurity News This Week
Cybercriminals are expected to extend their threat deeper into ransomware and IoT. In a just-released report, Synopsys examines the four “tribes” of CISOs, and the characteristics of each. A link to the complimentary report is below. And with the GDPR going into force in just four months, businesses are scrambling for compliance.
All these cybersecurity stories and more in the January 19th edition of Open Source Insight.
Open Source News
• Will Tomorrow's Core Banking Systems Run on Open-Source Software?
• Open Source Software Security Challenges Persist, but the Risk Can Be Managed
• Cybersecurity Predictions
• Introducing the 2018 CISO Report: A Q&A with Gary McGraw
More Open Source News
• Synopsys Report Identifies Four Approaches to the CISO Role
• Fine Time: What GDPR Enforcement Could Look Like
• 4 Key Questions (and Answers) for Automotive Cybersecurity
• Is Shadow Engineering Developing Your Applications?
• What Does GDPR Enforcement Mean for Your Business?
Will Tomorrow's Core Banking Systems Run on Open-Source Software?
via American Banker: As financial institutions experiment with new technologies, more are expected to adopt open-source software in place of commercial applications. This embrace of openness can — and, some experts say, should — go beyond peripheral tools and apps, to banks using open-source software for their core banking systems one day.
Open Source Software Security Challenges Persist, but the Risk Can Be Managed
via Security Asia: According to the latest Black Duck report, open source components are now present in 96 percent of commercial applications. The average application had 147 different open source components -- and 67 percent of the applications used components with known vulnerabilities.
Cybersecurity Predictions
via Open Access Government: Cyber adversaries will extend further into ransomware, OT systems and cryptocurrencies. The growing commercial utilization of IoT and OT systems means that, for the adversary, the value of breaching and controlling these types of systems is increasing.
Introducing the 2018 CISO Report: A Q&A with Gary McGraw
via Synopsys Software Integrity blog: We recently sat down with Synopsys VP of security technology, Dr. Gary McGraw, to discuss his latest research effort. In addition to the annual Building Security In Maturity Model (BSIMM), Gary has set out to identify the ways in which CISOs approach their job role. The CISO project team, which included Sammy Migues and Dr. Brian Chess, interviewed 25 CISOs to identify approaches to the CISO role, characteristics of CISOs, and discriminators between types of CISOs, and to establish a coherent model describing how CISOs organize and execute their work.
Synopsys Report Identifies Four Approaches to the CISO Role
via Data Center Journal: The Chief Information Security Officer (CISO) Report identifies four unique approaches to the CISO role called “tribes,” each with distinct characteristics. The study emphasizes how the four tribes differ in executing a security plan and what the tribes can learn from one another, providing insight for leaders looking to improve their security programs and advance their careers. Download a complimentary copy of the CISO Report.
Fine Time: What GDPR Enforcement Could Look Like
via InfoSecurity Magazine: Contained in a comprehensive Google Document, the research looks at the annual financial reports of the FTSE 100 and includes their turnover, profit after tax and what impact a fine of 4%, 2% or 1% of the turnover would look like. The research reveals that the company listed #1 on that day – Royal Dutch Shell – would see their entire annual profit wiped out if they were to face a 4% fine under GDPR. In fact, of the 100 companies listed, 34 would see their profit wiped out with a 4% fine, 19 with a 2% fine and 15 with a 1% fine.
4 Key Questions (and Answers) for Automotive Cybersecurity
via Black Duck blog (Mike Pittenger): As with safety, ensuring automotive security is going to be about visibility and control across the supply chain. If manufacturers don’t know what’s in the code of their connected car technology suppliers, they won’t be able to control their cybersecurity risks. The industry can start by establishing a self-imposed set of minimum security requirements.
Is Shadow Engineering Developing Your Applications?
via Black Duck blog (David Znidarsic): Do you allow a supplier’s goods and services to be acquired and used by your employees without the approval of your management? Certainly not any more. You’ve probably spent years applying better governance around the acquisitions made by Shadow IT. However, even before the emergence of shadow IT, your engineers have been making acquisitions from ungoverned suppliers: open source software authors.
What Does GDPR Enforcement Mean for Your Business?
via Synopsys Software Integrity blog: Now that a new year is upon us, we must remember that this is the year the General Data Protection Regulation (GDPR) supersedes Directive 95/46/EC. The new regulation will take effect May 25, 2018. In other words, this is the date by which organizations must be compliant.
Subscribe
Stay up to date on open source security and cybersecurity – subscribe to our blog today.