Open Source Insight: IoT Security, Tech Due Diligence, and Software Security Training
Download as PPTX, PDF1 like220 views
This document covers various developments in open source security, including concerns over IoT security and the effectiveness of Linus' Law. It highlights the importance of software security training and due diligence for companies engaging with open source technologies, pointing out that many developers lack security skills. Additionally, it addresses the implications of GDPR on data privacy and the challenges facing the DevOps field.
Open Source Insight: IoT Security, Tech Due Diligence, and Software Security Training
- 1. Open Source Insight: IoT Security, Tech Due Diligence, and Software Security Training Fred Bals | Senior Content Writer/Editor
- 2. Cybersecurity News This Week A grab-bag of open source security and cybersecurity news is in this week’s edition of Open Source Insight. Is “many eyeballs” not enough? Some security researchers think Linus’ Law doesn’t work anymore. Black Duck by Synopsys kicks off a new video series with MITRE IoT expert, Bob Martin. Learn how open source tech due diligence helped one company close a deal securely. Should “Privacy Day” be renamed to “Lack of Privacy” day? Plus, an eye-catching infographic on how too little software security training is putting many companies at risk.
- 3. • Is the BSD OS dying? Some security researchers think so • Duck Talks: 20 Billion Reasons for IoT Security • What does DevOps do in 2018? • When Good Containers Go Bad • When Software is the Company, Tech Due Diligence is Critical Open Source News
- 4. More Open Source News • Connected Vehicles: Could Open Source Software Pose Cyber Security Risks? • Privacy still an uphill climb on Data Privacy Day • GDPR: Deadline looms but businesses still aren't ready • The 6 Biggest Challenges Facing DevOps • Infographic: A lack of software security training puts companies at risk
- 5. via CSO: Too few eyeballs on code is a security issue as vulnerabilities go unreported and unpatched. Can FreeBSD, OpenBSD, and NetBSD survive? Is the BSD OS dying? Some security researchers think so
- 6. Duck Talks: 20 Billion Reasons for IoT Security via Black Duck blog (video): Bob Martin from MITRE is a leading expert on Internet of Things security. His presentation “20 Billion Reasons for IoT Security” covered a range of topics around IoT. He sat down with us at FLIGHT to discuss how we should be thinking about IoT, what security concerns might surface as these industries evolve, and how to manage the risks appropriately.
- 7. via InfoSecurity: Open source will continue to drive healthy competition. The days when companies were afraid of using open source software are pretty much long gone now. Almost every recent successful online business has been built on top of freely available software. What does DevOps do in 2018?
- 8. When Good Containers Go Bad via Sysbus (Germany): Data center operators face challenges in terms of infrastructure complexity and application speed, while at the same time addressing compliance with global governance regulations, such as the General Data Protection Regulation (GDPR).
- 9. via Black Duck blog: The need to understand open source risk in a recent acquisition was the driver for the leading provider of patient medical financing options, AccessOne, to reach out to Black Duck by Synopsys for an open source code audit. When Software is the Company, Tech Due Diligence is Critical
- 10. Connected Vehicles: Could Open Source Software Pose Cyber Security Risks? via Software Testing News: Vehicle manufacturers need to adopt a cyber security approach to that addresses not only obvious exposures in their car’s software but also the hidden vulnerabilities that could be introduced by open source components in that software.
- 11. via Synopsys Software Integrity blog: You could make a pretty solid case that a decade later, this year’s observance, on Sunday, ought to be called Lack of Privacy Day. That’s even with the looming implementation in May of the General Data Protection Regulation (GDPR) by the European Union — a move toward privacy protections explained in detail by Synopsys security consultant Stephen Gardner in a blog post earlier this month. Privacy still an uphill climb on Data Privacy Day
- 12. GDPR: Deadline looms but businesses still aren't ready via ZDNet: The UK government is warning organisations that they must prepare for new data protection laws now — or face the consequences when they come into force.
- 13. via InformationWeek: The DevOps field now embraces millions of software developers and entrepreneurs who have adjusted their teams and core philosophies to fall in line with the DevOps vision. However, these guiding principles are still evolving, and if you want to remain relevant and agile in 2018, you’ll need to evolve with them. The 6 Biggest Challenges Facing DevOps
- 14. Infographic: A lack of software security training puts companies at risk via Synopsys Software Integrity blog: An old proverb states that if you give a man a fish, you feed him for a day; but, if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb. The majority of developers don’t come equipped with security skills. In fact 95% of software security bugs are caused by just 19 programming flaws. And yet, only 2.8% of undergraduate computer science programs require a security course.
- 15. Subscribe Stay up to date on open source security and cybersecurity – subscribe to our blog today.