This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in-depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step-by-step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Haidee LeClair | Digital Marketing Communication Manager
2. Cybersecurity News This Week
Read on for more cybersecurity and open source security news.
3. Open Source News
• Blockchain Security and the Cryptocurrency Boom, Part 1: Theory
• Open Source Software in Tech Contracts – 1. Intro
• Adobe Flash Player Zero-day Spotted in the Wild
• Open Source Initiative Turns 20
• Migrating to Docker on Black Duck Hub
• Enterprises Need a Software Security Program
4. More Open Source News
• New Reports Detail How Most 2017 Security Breaches Were Easily Preventable
• Four Key Questions for Automotive Cybersecurity
• Equifax's Data Breach Sins Live on to This Year's Tax Season
• Infographic: What do the 4 CISO tribes say about software security in your firm?
• Tackling Security with Container Deployments
5. Blockchain Security and the Cryptocurrency Boom, Part 1: Theory
via Synopsys Software Integrity blog: For the millions who have invested (or are considering investing) in cryptocurrencies such as Bitcoin, Litecoin, Ethereum, and the ever-growing list of alt-coins, little has been mentioned about the software and the infrastructure on which these cryptocurrencies are based. With all early adoption of technology, there is risk, so there’s a natural inclination to question the security of blockchain and the potential for cyber attack against it.
6. Open Source Software in Tech
Contracts – 1. Intro
via Tech Contracts Academy: Contract drafters rarely
understand open source software (OSS). They see it as a threat,
so when they’re buying software, they try to exclude OSS from
their vendors’ products. In most cases, the concern is misplaced.
Software licensees may have good reason to worry
about copyleft software, which is one type of OSS. But other
open source software poses no real threat. Plus, even copyleft
should cause far less concern than it often does. And most
standard contracts already have IP terms that address copyleft
pretty well.
7. Adobe Flash Player Zero-day Spotted in the Wild
via Threatpost: According to the South Korean Computer Emergency Response Team (KR-CERT), the zero-day is believed to be a Flash SWF file embedded in MS Word documents. Impacted is Adobe’s most recent Flash Player 28.0.0.137 and earlier... Adobe released a security advisory on Thursday acknowledging the vulnerability and attacks.
8. Open Source Initiative Turns 20
via ADT Mag: Also, as part of the celebration, the OSI is
launching OpenSource.Net, which will serve both as a community
of practice and a mentorship program. "The goal is to further
promote adoption of open source software over the next twenty
years as issues shift from open source's viability/value to issues
around implementation and authentic participation," the Web site
reads.
9. Migrating to Docker on Black Duck Hub
via Black Duck Blog (Charlie Klein): Before Black Duck began leveraging Docker, customers utilized the App Manager Install Method to deploy the Hub. The Hub now deploys as a set of containers, so customers need to install Docker to take advantage of updates to the application. By the end of this guide, you'll have a basic understanding of how to migrate the Hub to a containerized environment, as well as the benefits of using containers.
10. Enterprises Need a Software
Security Program
via App Developer Magazine: The answer to the “why” enterprises
need a software security program question is pretty straightforward.
There are no circumstances under which any but the smallest firms
can expect a collection of independent activities - a pen test here, an
hour of training there, some free tools that may or may not work as
advertised - will consistently result in appropriately secure software.
11. New Reports Detail How Most 2017 Security Breaches Were Easily Preventable
via Synopsys Software Integrity blog: Whatever the actual count, the trend is the same—a major increase in breaches year after year. While that is offset a bit by a bit of good news – the Ponemon Institute’s finding that the average cost of a data breach incident worldwide in 2017 declined to $3.62 million, or by 10% from 2016, the United States bucked the trend, with a 5% increase to $7.35 million that put it at about double the worldwide average.
12. Four Key Questions for
Automotive Cybersecurity
via IoTNow Transport (Mike Pittenger): According to research
conducted by Black Duck’s Centre for Open Source
Research & Innovation, 23% of the code in the average automotive
application is open source. Open source enters in-vehicle applications
through a variety of paths. Automobile manufacturers rely on a wide
range of component and application suppliers, who build solutions with
open source components and extend open source platforms.
13. Equifax's Data Breach Sins Live on to This Year's Tax Season
via The Hill: As you prepare your taxes this year, think of Equifax. Why? If you were one of the 145 million Americans who had their personal information breached at Equifax last year, you could become a victim of tax fraud.
After the breach, there were a flurry of articles advising people to place credit freezes on their accounts and set up fraud alerts at each of the credit bureaus. This is good advice, but it does not prevent scammers from filing with the IRS using your Social Security Number and requesting fraudulent tax returns in your name. All you can do to protect yourself from tax identity theft is file as early as possible, so identity thieves don’t file before you do.
14. Infographic: What do the 4 CISO tribes say about software security
in your firm?
via Synopsys Software Integrity blog: Where does software security
really fit into your firm? We recently decided to conduct a study to find
out. Gathering data in a series of in-person interviews with 25 chief
information security officers (CISOs), our aim was to understand their
strategies and approaches. The 2018 CISO Report presents the
research findings.
15. Tackling Security with Container Deployments
via Informatik Aktuell (Tim Mackey): Container technologies are the next step in moving from physical, single-use computing resources to more efficient, multi-tenant virtual infrastructures that can run in legacy IT environments and in the cloud. Among other benefits, containers are ideal for continuous integration and continuous delivery environments designed to accelerate development and further optimize the path between development and production environments.