Open Source Dependencies

Security Awareness Month: Growing threat of open source, Hostile Takeovers

Open Source technology literally drives most of the technology in the world. Even closed source projects such as MacOS make very heavy use of Open Source. More and more electronic devices that we buy come with copies of the GPL, which means there is open source code running on more and more devices in our homes (more on IoT in another email). Open Source drives almost every major project, website, SaaS, PaaS, or any other technology that you touch on a daily basis. Open Source is powerful and amazing. It draws on the power of numbers. Anyone can be a contributor. Anyone can review the work done by anyone else. Anyone can perform a security audit, and in many cases many people perform them and share this information, helping to keep us all more secure.


Security Awareness Month: Updates in dependencies

It’s October, and you know what that means: SECURITY AWARENESS MONTH! This year for security awareness month I’ll be writing some blog posts about security concerns. Some of these things won’t be new to everyone, but they’ll be great general reminders of things happening around us in cyber security. Today we’re talking about updates in dependencies. Still lingering in everyone’s mind is the recent hack at Equifax. While the amount of data leaked here wasn’t the most impressive by a long shot, the sensitivity of this data makes it quite possibly the single worst data compromise in history. The most sensitive information used to identify people was compromised and leaked: pieces of information that simply cannot be changed, like birthday, SSN and much, much more.
