Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open Source
Download as PPTX, PDF1 like155 views
The document discusses key insights from security researchers at the Flight 2017 conference, highlighting the need to focus on containing hackers rather than attempting to eliminate them. It also notes the U.S. government's cybersecurity alerts regarding North Korean attacks and emphasizes the growing trend of banks and the Pentagon moving towards open source software for its speed and cost-effectiveness. Additionally, the text mentions the importance of addressing vulnerabilities in software, particularly open source, to enhance overall security.
Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open Source
- 1. Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open Source Fred Bals | Senior Content Writer/Editor
- 2. Cybersecurity News This Week We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And why it’s smart to assume that every application is an on-premise application. The best of November’s application security and open security news (so far) follows in this week’s edition of Open Source Insight.
- 3. • IoT Security Pros: You Can’t Beat the Hackers You Can Only Contain Them • It Wasn’t an Equifax Toaster That Stole 145M People’s Personal Data • U.S. Government Issues Alerts About Malware and Ip Addresses Linked to North Korean Cyber Attacks • Known Security Vulnerabilities Are a Hacker's Guide to an IoT Breach • The Pentagon Is Set to Make a Big Push Toward Open Source Software Next Year Open Source News
- 4. More Open Source News • Banks Are Increasingly Turning to Open Source Projects. Here's Why. • It’s Time to Enlist Security Champions to Fuel Agile Development • Virgin Hyperloop One Joins GENIVI Alliance • Assume Every Application is an On-Premises Application • From Consumers to Contributors: The Evolution of Open Source in the Enterprise
- 5. via MSSP Alert: Internet of Things (IoT) security bulls might not like this one: You can’t count on beating the hackers — there’s too many unsecured devices to bolt down — but you may be able to contain them. How so? By concentrating on the big stuff, according to security experts Charlie Miller and Chris Valasek, in remarks delivered at the Black Duck Software’s Flight 2017 conference in Boston. IoT Security Pros: You Can’t Beat the Hackers You Can Only Contain Them
- 6. It Wasn’t an Equifax Toaster That Stole 145M People’s Personal Data via Black Duck blog (Fred Bals): The good news? Bad guy hackers are lazy, and will move on to easier pickings when confronted with good security. The bad news? Good security is often expensive, and not necessarily a cost businesses are enthusiastic about adding to product prices and passing on to customers. Those were key takeaways from security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference.
- 7. via TechCrunch: US-CERT, the Department of Homeland Security team responsible for analyzing cybersecurity threats, has posted a warning about cyber-attacks by the North Korean government, which it collectively refers to as “Hidden Cobra.” The technical alert from the FBI and Department of Homeland Security says a remote administration tool (RAT) called FALLCHILL has been deployed by Hidden Cobra since 2016 to target the aerospace, telecommunications and finance industries. U.S. Government Issues Alerts About Malware and Ip Addresses Linked to North Korean Cyber Attacks
- 8. Known Security Vulnerabilities Are a Hacker's Guide to an IoT Breach via IoT Journal: More than 90 percent of the software written these days integrates open- source code. Such code is used in IoT firmware, operating systems, network platforms and applications. This trend will only continue to grow because, by leveraging open-source, developers can lower assembly costs and quickly add innovations, thereby saving months or years of originally required development time. Whether software code is proprietary or open-source, it harbors security vulnerabilities.
- 9. via the Verge: Besides cost, there are other compelling explanations for why the military might want to go open source. One is that technology outside the Pentagon simply advances faster than technology within it, and by availing itself to open-source tools, the Pentagon can adopt those advances almost as soon as the new code hits the web, without going through the extra steps of a procurement process. The Pentagon Is Set to Make a Big Push Toward Open Source Software Next Year
- 10. Banks Are Increasingly Turning to Open Source Projects. Here's Why. via American Banker: The weakest points of most software programs are the flaws or bugs that can be exploited by hackers and cybercriminals. Recent case in point: the —$300 million worth of Ether locked in Parity digital wallets because a coder was able to poke around in Parity’s digital wallet and kill a smart contract, thus freezing all wallets that smart contract governed. The Equifax breach is another example: a weakness in an open source software package called Apache Struts allowed hackers to steal millions of sets of consumer data. (A patch was available for the Apache software, but Equifax didn’t apply it.)
- 11. via Synopsys blog (Brendan Sheairs): A traditional software security group (SSG) isn’t equipped to apply security activities to Agile development environments effectively. Applying security to agile processes requires the injection of security-related people, processes, and testing activities at a sprint tempo… So how can we inject security into Agile development? It’s Time to Enlist Security Champions to Fuel Agile Development
- 12. Virgin Hyperloop One Joins GENIVI Alliance via Business Insider: The GENIVI Alliance, a collaborative community of automakers and their suppliers developing open software for in- vehicle infotainment (IVI) and the connected car, today announced that Virgin Hyperloop One, the only company in the world that has built and successfully tested a full-scale hyperloop system, has joined the Alliance to work with the strong GENIVI ecosystem and leverage its proven history of open source software collaboration.
- 13. via Black Duck blog (David Znidarsic): If prevention or knowledge of an application’s required client-side installations is important to you, you need to do a technical analysis of what is and what is not installed; don’t rely on marketing materials and naïve categorizations. In the absence of such an analysis, assume every application you use requires some type of client-side installation. Assume Every Application is an On-Premises Application
- 14. From Consumers to Contributors: The Evolution of Open Source in the Enterprise via Computer Weekly: The 11th edition of Black Duck Software’s annual report into enterprise open source usage revealing that 66% of the 819 respondents regularly contribute to open source projects. Also, just under half (48%) said the number of individual contributors within their organisation was set to rise.
- 15. Subscribe Stay up to date on open source security and cybersecurity – subscribe to our blog today.