Open Source Insight: Securing Software Stacks, Election Security, FDA Pacemaker Recall
Download as PPTX, PDF1 like276 views
This document provides a summary of recent cybersecurity and open source news. It discusses potential hidden threats that can exist in otherwise secure software stacks and Docker containers. It also covers issues around ensuring election security with open source software, a FDA recall of 465,000 pacemakers that were found to have cybersecurity vulnerabilities, and reasons why the cybersecurity industry has struggled to keep up with rising cybercrime. Additionally, it mentions a firmware update to address issues identified in Abbott pacemakers and what software teams can learn from building radar detectors.
Open Source Insight: Securing Software Stacks, Election Security, FDA Pacemaker Recall
- 1. Open Source Insight: Securing Software Stacks, Election Security, FDA Pacemaker Recall By Fred Bals | Senior Content Writer/Editor
- 2. Cybersecurity News This Week News is slight as the US prepares to bore into the Labor Day weekend and the unofficial end of Summer 2017. Yet our crack staff of editors has scoured the Webbernets to produce the best in cybersecurity and open source security news for your reading pleasure. Enjoy, and if you celebrate Labor Day, have a great holiday weekend!
- 3. • The Hidden Threat Lurking in an Otherwise Secure Software Stack • Open Source Software Won't Ensure Election Security • If Machine Learning is the question, open source is the answer. Right? • FDA Recalls 465K Pacemakers Tied to MedSec Research • Three Reasons Why The Cybersecurity Industry May Never Catch Up To Cybercrime • Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott's (formerly St. Jude Medical's) Implantable Cardiac Pacemakers: FDA Safety Communication • What Software Teams Can Learn from Building Radar Detectors Open Source News
- 4. The Hidden Threat Lurking in an Otherwise Secure Software Stack via The ServerSide: Summary: Is there a hidden threat buried in your software stack? Is there a hidden threat embedded within your Docker container? It's certainly not a prospect that lives outside of the realm of possibility, especially if you're not 100% sure as to exactly how the various open source components that make up your software stack or your container image were derived. "One of the aspects of open source is that it can be forked," said Tim Mackey, the Technical Evangelist for Black Duck Software.
- 5. via LawFare: The technology behind elections is hard to get right. Elections require security. They also require transparency: anyone should be able to observe enough of the election process, from distribution of ballots, to the counting and canvassing of votes, to verify that the reported winners really won. But if people vote on computers or votes are tallied by computers, key steps of the election are not transparent and additional measures are needed to confirm the results. Open Source Software Won't Ensure Election Security
- 6. If Machine Learning is the question, open source is the answer. Right? via Tech Republic: #7 - Not patching immediately Companies often spend thousands of dollars on security solutions, only to have them bypassed by something as simple as not applying a security patch right away.
- 7. via Threatpost: The United States Federal Drug Administration is recalling 465,000 pacemakers that attackers can gain unauthorized access to issue commands, change settings and maliciously disrupt. Affected are four models manufactured by Abbott Laboratories. FDA Recalls 465K Pacemakers Tied to MedSec Research
- 8. Three Reasons Why The Cybersecurity Industry May Never Catch Up To Cybercrime via Forbes: Is the cybersecurity industry keeping up with cybercrime? Absolutely not. Cyberwarfare is at an all-time high, and cybersecurity is just unable—unequipped—to keep up. We’re seeing a convergence of three major vectors—devices, data, and a shortage of talent—coming to a head. That’s causing an explosion of what I’ll refer to as “cybercrime opportunity.”
- 9. via FDA: On August 23, 2017, the FDA approved a firmware update that is now available and is intended as a recall, specifically a corrective action, to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities for certain Abbott (formerly St. Jude Medical) pacemakers. "Firmware" is a specific type of software embedded in the hardware of a medical device (e.g. a component in the pacemaker). Firmware Update to Address Cybersecurity Vulnerabilities Identified in Abbott's (formerly St. Jude Medical's) Implantable Cardiac Pacemakers: FDA Safety Communication
- 10. What Software Teams Can Learn from Building Radar Detectors via Black Duck blog (Mike Pittenger): Twenty years ago, a software parts list would have seemed ludicrous. All software was built from scratch, and every code base was unique. Today, however, a software bill of materials is critical to organizations, for many of the same reasons they are required in radar detectors.
- 11. Subscribe Stay up to date on open source security and cybersecurity – subscribe to our blog today.