Open Source Insight: Hospital, Medical Devices, Banking, and Automotive Cybersecurity News
- 2. Cybersecurity News This Week
A wide spectrum of cybersecurity and open source security news in
this week’s Open Source Insight, including the need for hospitals to
ramp up their cybersecurity efforts; the need to include open source
security in any plan to secure medical devices; a major data breach at
Italian bank Unicredit; two Black Duck executives share their views on
open source security in video interviews; and why the automotive
industry may be close to an iPhone moment.
- 3. Open Source News
• Hospitals Face Growing Cybersecurity Threats
• The Need for Open Source Security in Medical Devices
• Details of 400,000 Loan Applicants Spilled in UniCredit Bank Breach
• UniCredit Bank: Hackers Can Access Data From 400,000 Customers
• Symphony Software Foundation Sets Out to Build a New Fintech Innovation Model
• Live from Black Hat USA 2017: Interview with Mike Pittenger of Black Duck Software
• At Black Hat Conference, Good Guy Hackers Have a Bleak View of US Cybersecurity
• Black Duck CMO: 'DevOps Is Speeding Up The Way We Bring Applications To Market'
• Is the Automotive Industry Reaching an iPhone Moment?
- 4. Hospitals Face Growing
Cybersecurity Threats
via NPR: Other industries, like financial services and the federal
government, have devoted more than 12 percent of their IT budgets to
cybersecurity. Health care averages just half that.
At the same time, the cost of mitigation has soared, with the average
breach costing $355 per stolen record for health care organizations.
- 5. The Need for Open Source Security in
Medical Devices
via ITProPortal: A major driver of the technological
revolution in medical devices is software, and that
software is built on a core of open source. Black
Duck’s 2017 Open Source Security and Risk
Analysis (OSSRA) research found that the average
commercial application included almost 150 discrete
open source components, and that 67 per cent of
the over 1000 commercial applications scanned
included vulnerable open source components. The
analysis made evident that the use of open source
components in commercial applications is pervasive
across every industry vertical, including the
healthcare industry.
- 6. Details of 400,000 Loan Applicants Spilled
in UniCredit Bank Breach
via The Register: Italian bank UniCredit admitted on Wednesday that
a series of breaches, undetected for nearly a year, exposed the
personal data of 400,000 loan applicants. Milan-based UniCredit said
that it had closed the breach and informed authorities while embarking
on a security audit that will likely tap into at least some of the €2.3bn
budget previously allocated towards upgrading and strengthening its IT
systems.
- 7. UniCredit Bank: Hackers Can Access
Data From 400,000 Customers
via WinFuture (Germany): Banks do not seem to be
particularly well placed for data security in banking
apps. In a recent test carried out by the US consumer
protection organization OTA, which looked at around a
thousand websites of various financial services
providers, the banks failed to perform well. According to
an open source security and risk analysis (OSSRA) 2017
by Black Duck, an average of 52 open source
vulnerabilities could be detected in banking applications.
- 8. Symphony Software Foundation Sets Out to Build
a New Fintech Innovation Model
via Symphony Foundation: Recent research from Black Duck’s Center for
Open Source Research and Innovation (COSRI) shows that between 80
percent and 90 percent of the code in today’s apps is open source. While the
audit confirms universal use, it also reveals the ineffectiveness in addressing
risks related to open source security vulnerabilities and license compliance
challenges.
“This is precisely where our Foundation provides value - by offering a secure
and IP compliant, open source developer experience and software supply
chain, while maintaining the high productivity typical of modern, open source
communities and workflows,” said Peter Monks, VP of technology,
Symphony Software Foundation. “After adding OpenShift support, we plan to
continue investing in our Open Development Platform (our open source
development reference-model), to provide our community with a shared,
secure and compliant tool chain that can power open source collaboration.”
- 9. Live from Black Hat USA 2017: Interview with
Mike Pittenger of Black Duck Software
via Security Guy TV: Black Duck VP of
Security Strategy Mike Pittenger talks open
source security, IoT and more with Security
Guy TV from the Black Hat 2017 show floor.
- 10. At Black Hat Conference, Good Guy Hackers
Have a Bleak View of US Cybersecurity
According to the Identity Theft Resource Center, the number of U.S.
data breaches so far this year hit a half-year record of 791, which is 29
percent higher from this time last year.
Amid those figures, experts seem to have a bleak view of the state of
information security. A survey of the top leaders at the Black Hat
conference found 60 percent believe a successful cyberattack on U.S.
critical infrastructure will likely occur in the next two years.
- 11. Black Duck CMO: 'DevOps Is Speeding Up The
Way We Bring Applications To Market'
via CRNtv: CRNtv spoke with Black Duck
CMO Bob Canaway about the company's
recent collaboration with Pivotal Cloud
Foundry. Black Duck is now a tile – a
fully integrated installation package – on the
Pivotal Network, enabling the company to
secure and manage open source code for
enterprise customers.
- 12. Is the Automotive Industry
Reaching an iPhone Moment?
via Black Duck blog (Rob Hawkins): We are rapidly approaching the
"iPhone moment" for the automotive industry. The vehicle will be the
next mobile application platform, and those applications are going to
be built on a foundation of open source components. If the explosion in
mobile application development that has taken place in the last decade
is any indicator, we are going to see both an unprecedented rate of
innovation in the automotive industry as well as a proliferation of
companies developing software specifically for "connected" vehicles.