Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious AIs & GDPR
Download as PPTX, PDF2 likes432 views
This document provides a summary of cybersecurity and open source news stories from March 2nd. It discusses the need to incorporate application security practices into the DevOps process. It also looks at deciding between open source and proprietary software based on factors like code transparency and vendor support. Additionally, it reports that one in eight open source components contain security flaws and explains why enterprises need a comprehensive software security program rather than isolated security activities. Finally, it provides answers to frequently asked questions about the GDPR regulation and notes unexpected places where GDPR-related data can be found.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious AIs & GDPR
- 1. Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious AIs & GDPR By Fred Bals, Senior Content Strategist
- 2. Cybersecurity News This Week Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
- 3. • Why You Need to Build AppSec into Your DevOps Process • How to Decide If Open Source or Proprietary Software Solutions Are Best for Your Business • One in Eight Open Source Components Contain Flaws • Why Do Enterprises Need a Software Security Program? • The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation Open Source News Stories
- 4. • The Many Beating Hearts of UK Tech • Tech Due Diligence: Helping PE Firms Invest with Confidence • Amazon's Alexa Takes Open-Source Route to Beat Google Into Cars • Here Are the Answers to the Most Frequently Asked Questions About GDPR • 10 Unexpected Places You May Find GDPR-Related Data Open Source News Stories
- 5. Why You Need to Build AppSec into Your DevOps Process via Black Duck blog: Application development thrives on the use of open source components, writes Black Duck Technology Evangelist, Tim Mackey. Why? Quite simply, there are many benefits to using open source components, including the ability to leverage skill sets and expertise of the open source community, take advantage of the efforts of larger development teams, and reduce costs. To use open source components safely and responsibly, organizations need visibility into which open source components they’re using, where those components originate, and understand the associated security risk of each component.
- 6. How to Decide If Open Source or Proprietary Software Solutions Are Best for Your Business via TechRepublic: One of the advantages of open source - transparent, customizable code which is accessible by anyone - can be turned into a disadvantage. If the code contains vulnerabilities which can be exploited, malicious individuals may be able to capitalize upon this. Without a proprietary vendor on the hook for releasing updates, fixes may be slower to arrive (though to be fair a strong developer community can develop solutions more readily as well).
- 7. One in Eight Open Source Components Contain Flaws via InfoSecurity Magazine: The security problems associated with open source components are nothing new. A study from Synopsys last year revealed that half of the third-party components used in software applications are outdated and possible insecure. Yet another report, this time from Black Duck’s Center for Open Source Research and Innovation last year, claimed that over 60% of all apps using open source components contain known software vulnerabilities.
- 8. Why Do Enterprises Need a Software Security Program? via InfoSecurity Magazine: In today’s complex, technology-dependent enterprises, the answer to “Why?” is straightforward, writes Sammy Migues, Principal Scientist at Synopsys. Enterprises cannot expect a collection of independent activities—a pen test here, an hour of training there, some free tools that may not work as advertised to consistently result in secure software.
- 9. via University of Oxford: This report surveys the landscape of potential security threats from malicious uses of artificial intelligence technologies, and proposes ways to better forecast, prevent, and mitigate these threats. The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation
- 10. via UKTN: The Northern Irish capital is emerging as a growing cyber hub, as evidenced by a number of leading companies establishing a presence there in the last few years. In 2016 alone, three major US software firms – Black Duck, Rapid 7 and Alert Logic – came to the city, bringing with them more than 200 jobs. The Many Beating Hearts of UK Tech
- 11. via Black Duck blog: In technology deals, one of the biggest areas of focus for PE firms before final acquisition is tech due diligence to help acquirers understand the intellectual property they’re buying. Savvy buyers will also put processes in place to maintain the value of the assets acquired and to ensure there are no issues with those assets when it’s time to divest. Tech Due Diligence: Helping PE Firms Invest with Confidence
- 12. via Bloomberg Technology: Cars must use Automotive Grade Linux, an open- source platform being developed by Toyota Motor Corp. and other auto manufacturers and suppliers to underpin all software running in the vehicle. The only cars currently on the system are Toyota’s new Camry and Sienna and the Japanese version of the plug-in Prius, though the carmaker plans to expand that list. AGL has been growing too, reaching 114 members currently, up from around 90 a year earlier. Amazon signed on last month. Amazon's Alexa Takes Open-Source Route to Beat Google Into Cars
- 13. Here Are the Answers to the Most Frequently Asked Questions About GDPR via Synopsys Software Integrity blog: GDPR will become fully enforceable throughout the EU on May 25, 2018.
- 14. 10 Unexpected Places You May Find GDPR-Related Data via CMSWire: GDPR is months away and yet even well-prepared companies are finding last minute surprises as they race to the finish line. Part of the problem is that the regulation itself is so complex; another part is the surprising range of data that fall under the regulation.