The CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (TCP/IP) stacks. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Synopsys, Inc. released the report, DevSecOps Practices and Open Source Management in 2020, exploring the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.
Open-source intelligence (OSINT) is having a moment. Just a few years ago, presentations on OSINT began with a quote from one of a few different senior intelligence community officials who reportedly said that somewhere between 80-90% of valuable information comes from public sources. Many presentations today start similarly, but OSINT no longer needs the validation of government greats. Films like Searching and Don’t f**ck with Cats have introduced the discipline to a wider audience, organizations such as Trace Labs host popular OSINT competitions for the common good, and the investigators associated with the website Bellingcat are now media fixtures.
The Information Security Forum has announced the release of Deploying Open Source Software: Challenges and Rewards, helping security professionals recognize the benefits and perceived challenges of using OSS and set up a program of protective measures to effectively manage OSS.
Extending the perimeter by instituting a corporate security intelligence program enables companies and organizations to stay well ahead of threats and often helps inform strategic and operational decision-making.
A new Synopsys report highlights trends and patterns in open source usage within commercial applications, and provides insights and recommendations to help organizations better manage open source risk from a security, license compliance, and operational perspective.
It can be expected that costs associated with cybercrime will rise in the near to medium term and have a material impact on the global economy – while putting individual citizens’ and corporations’ important data at risk by cyber criminals. Due to the convergence of an escalation in the number of security vulnerabilities, an increase in hacker capabilities and tools as well as new legislation being enacted in the European Union, the estimated costs due to cybercrime may be conservative.