Key cybersecurity and open source insight this week: The Internet of Things (IoT), pacemakers, and driverless/semi-autonomous vehicles (aka connected cars).

1. Open Source Insight:
IoT, Medical Devices, Connected Cars
All Vulnerable to Hackers
By Fred Bals, Senior Content Writer & Editor

2. The Internet of Things, pacemakers, and
driverless/semi-autonomous vehicles
were all in cybersecurity news this week.
And if that doesn’t get your pulse a-
racing, take a gander at threat vectors
such as electronic bank
robberies, digitally enabled high-seas
piracy and cyberattacks against electrical
grids (all real crimes, I kid you not).
Cybersecurity News This Week

3. Cybersecurity News This Week
In other news, Google released the latest
stable version of Chrome this Monday,
which includes patches for 30
vulnerabilities, including five high severity
issues (which incidentally earned four-figure
bounties for their reporters).
More open source security and
cybersecurity news follows…

4. • Open Source Security and the Internet of Things
• Are Medical Devices the Next Ransomware Target?
• Cybersecurity Is Dead
• As Open-Source Adoption Skyrockets in Enterprise, Linux
Addresses Ease of Use
• Electronic Setups of Driverless Cars Vulnerable to Hackers
• Why Car Companies Are Hiring Computer Security Experts
• Six Entrepreneurs, One Question: 'Talk About Your Best
Moment as a Manager'
• Encryption Technology in Your Code Impacts Export
Requirements
Open Source News

5. Open Source Security and
the Internet of Things
via IoT Now: As open source use continues to
increase, effective management of open source
security risk is increasingly important. But in the
rush to bring IoT devices to market, manufacturers
are often giving insufficient attention to the
additional security exposures created when systems
become increasingly connected.

6. via Cloud + Enterprise Technology: Given that
open source is at the core of commercial
application development, it should be no
surprise that almost all — 96 percent — of the
applications scanned in the COSRI
analysis utilised open source, with the
respective applications having nearly 150
unique open source components on average.
What may come as a surprise was that 67
percent of the applications containing open
source also had known vulnerabilities, and
legal risks were even more widespread.
The Need to Manage Open Source
Vulnerabilities and Licence Risks

7. via Black Duck blog (Mike Pittenger): All four
pacemakers examined contained open source
components with vulnerabilities, and roughly
50% of all components included vulnerabilities.
Most shockingly, the pacemakers had
an average of 50 vulnerabilities per vulnerable
component and over 2,000 vulnerabilities per
vendor.
Are Medical Devices the
Next Ransomware Target?

8. Cybersecurity Is Dead
via Forbes: Unsurprisingly, ransomware is exploding in
popularity, as the low-cost, easily usable malware proves
continually effective at extracting money. But there are
grander threat vectors looming: crimes such as electronic
bank robberies, digitally enabled high-seas
piracy and cyberattacks against electrical grids are not
science fiction premises; rather, they are real crimes that will
only grow more common.

9. via siliconANGLE: Open source technology is
not just a tool for developers anymore. Two 2016
surveys highlight the prevalence of open-source
adoption for businesses of all sizes. Both
surveys indicate that around 90 percent of
respondents — comprised of enterprise, mid-
market and small businesses — have all entered
into the open-source ecosystem.
As Open-Source Adoption Skyrockets in Enterprise,
Linux Addresses Ease of Use

10. Electronic Setups of Driverless Cars
Vulnerable to Hackers
via NY Times: In 2014, for example, some curious Tesla Model
S owners did some tinkering and claimed to have discovered a
customized version of a type of Linux software called Ubuntu.
Ubuntu 10.10 was first released in October 2010 and has not been
supported since December 2014. “In effect, that means the
operating system in your car was deprecated before you bought it,”
Mr. Rogers said.

11. via NY Times: But as more driverless and
semiautonomous cars hit the open roads, they
will become a more worthy target. Security
experts warn that driverless cars present a far
more complex, intriguing and vulnerable
“attack surface” for hackers. Each
new “connected” car feature introduces
greater complexity, and with complexity
inevitably comes vulnerability.
Why Car Companies Are Hiring
Computer Security Experts

12. Six Entrepreneurs, One Question: 'Talk
About Your Best Moment as a Manager'
via BostInno: From Lou Shipley, CEO,
of Black Duck Software, “It was so
cool to start something from scratch
and see it grow. But it’s bittersweet as
well. That’s when it’s time to go create
something else.”

13. via Black Duck blog (Phil Odence): US export
laws require companies to declare what
encryption technology is used in any
software to be exported. The use of open
source makes complying with these
regulations a tricky process.
Encryption Technology in Your Code
Impacts Export Requirements

14. Subscribe
Stay up to date on open source security and cybersecurity –
subscribe to our blog today.