Some interesting topics in this week’s Open Source Insight, including news that Equifax knew about its security issues more than a year before the fact. We also look at the use of AI for open source management; the ticking time bomb that is IoT security; a preview of the Legal track at Black Duck FLIGHT 2017, and to round out the month, we offer a fun infographic in the spirit of Halloween.

1. Open Source Insight:
AI for Open Source Management, IoT Time Bombs,
Ready for GDPR?
Fred Bals | Senior Content Writer/Editor

2. Cybersecurity News This Week
Some interesting topics in this week’s Open Source Insight, including
news that Equifax knew about its security issues more than a year
before the fact. We also look at the use of AI for open source
management; the ticking time bomb that is IoT security; a preview of
the Legal track at Black Duck FLIGHT 2017, and to round out the
month, we offer a fun infographic in the spirit of Halloween.
Read on for the best open source security and cybersecurity news
from around the Web!

3. • Breaking: Equifax Knew of Security Flaws
Months Before It Was Hacked
• Artificial Intelligence for Open Source Risk
Management
• How to Address the IoT Security Ticking Time
Bomb
• Don’t Let Open Source Vulnerabilities Haunt You
This Halloween
• Open Source Helps Healthcare Orgs Adapt to IT
Advancements
Open Source News

4. More Open Source News
• Legal Minds Examine Open Source Management at FLIGHT
• Google, Cisco and Sprint Back ARM IoT Security Framework
• What Job Are You "Hiring" Open Source Software Authors
to Do?
• Examining The Three Classes Of Cybersecurity Needs
• GDPR: Are You Ready for Data D-Day?
• Successfully Navigating Open Source Software Issues in
M&A

5. via Motherboard: Last year, a security researcher alerted
Equifax that anyone could have stolen the personal data of
all Americans. The company failed to heed the warning.
Breaking: Equifax Knew of Security Flaws
Months Before It Was Hacked

6. Artificial Intelligence for Open
Source Risk Management
via Black Duck blog (Baljeet Malhotra): On a given day, our
security experts at Black Duck could end up analyzing tens of
vulnerabilities to make the consumers of affected open source
solutions more secure. In this context, we are using AI solutions to
help our security experts conduct vulnerability analysis at a large
scale quickly and accurately.

7. via Tech Target: It ranges from challenging to
impossible for OEM development teams and
their third-party software suppliers to accurately
and effectively track all open source software
components in their code. Especially when their
main focus is to concentrate on developing
higher-order systems.
How to Address the IoT Security
Ticking Time Bomb

8. Don’t Let Open Source Vulnerabilities
Haunt You This Halloween
Black Duck Infographic: Software
exploits are scary. Personal data exposed,
medical devices called into question,
connected cars hijacked—these are just
some of the frightening things that happen
when software vulnerabilities are
exploited.

9. via HIT Infrastructure: Vendors are adding
open source capabilities to their tools to add
much needed IT infrastructure flexibility. The
more tools and devices organizations add to
their IT infrastructure, the more unique an
ecosystem becomes. That is why open source
fits more complex environments.
Open Source Helps Healthcare Orgs Adapt to
IT Advancements

10. Legal Minds Examine Open Source
Management at FLIGHT
via Black Duck blog (Kiara White): Join us at Black Duck
FLIGHT 2017 and learn strategies from general counsels and
legal firms that can help clients understand code integrity, identify
open source licenses and surface security vulnerabilities, and
review what measures legal firms should take to protect client
data. Our legal and compliance sessions will be led by both Black
Duck experts and practicing attorneys with keen insights into how
open source fits into today's business environment.

11. via SDX Central: When it comes to securing Internet of
Things (IoT) devices, “no device should be left behind,”
says Paul Williamson, VP and GM, IoT Device IP at
ARM. To this end, the U.K.-based silicon chipmaker
developed an industry-wide framework for building
secure, connected devices.
Google, Cisco and Sprint Back ARM
IoT Security Framework

12. What Job Are You "Hiring" Open Source
Software Authors to Do?
via Black Duck blog (David Znidarsic): What job does your
company “hire” an open source author to do? That’s an easy one: an
open source software author is “hired” to develop, test, and maintain
software for your company, but how often do you think about their role
in that way?

13. via Forbes: September 2017 witnessed a trifecta of mega-
breaches: Equifax, SEC and Deloitte. Cybersecurity was
already a messy and technical topic, and these disclosures
have made it even more perplexing. There are hundreds of
security product vendors, and the industry is collectively
spending billions of dollars every year and is expected to top
$100 billion by 2020. So why is it so hard for organizations to
get their act together and prevent breaches? What exactly are
we missing?
Examining The Three Classes Of
Cybersecurity Needs

14. GDPR: Are You Ready for Data D-Day?
via Drapers: With seven months to go
until the General Data Protection
Regulation comes into effect, retailers
are starting to make preparations for an
information sea change.

15. Successfully Navigating Open Source
Software Issues in M&A
via Black Duck (Webinar): The continued
growth in the use of open source software
underscores the importance of thorough
software due diligence. This webinar examines
key open source software-related issues and
deal points in M&A, licensing and other
transactions.

16. Subscribe
Stay up to date on open source security and cybersecurity –
subscribe to our blog today.