Published
- 09:00 am

The world’s appetite for open source software is voracious.
In the last year, businesses around the globe significantly increased their use of open source. Although they readily acknowledge growing concerns about open source-related security and operational risks, the effective management of open source is not keeping pace with the increase in use.
Those are among the key takeaways from the 2017 Open Source 360 Degree Survey results released today by Black Duck’s Center for Open Source Research and Innovation (COSRI). The COSRI survey comprised 819 respondents primarily from the U.S. and EMEA, 74% of whom were software developers, IT operations/professionals, systems architects, development managers, and security professionals.
Nearly 60% of respondents said their organisations’ use of open source increased in the last year, citing cost savings, easy access, and no vendor lock-in (84%); ability to customise code and fix defects directly (67%); better features and technical capabilities (55%); and the rate of open source evolution and innovation (55%).
Additionally, in terms of open source’s positive impact on business, survey respondents highlighted accelerated innovation (55%) and quality improvement (44%).
Even as their organisations are embracing open source to accelerate application development and increase development agility, respondents expressed concern about license risk/loss of intellectual property (66%); exposure of internal applications to exploitation from open source vulnerabilities (64%); exposure of external applications to exploitation because of open source vulnerabilities (71%); unknown quality of components (74%); and failure of development teams to adhere to internal policies (61%).
Despite those high levels of concern, nearly half of survey respondents indicated their organisations have no formal policies for selecting and approving open source. And just 15% indicated they have automated processes in place to manage their open source use.
Respondents gave their organisations decidedly middling marks in areas of managing and securing their open source, with slightly more than half reporting: being in compliance with associated licenses (54%); being aware of known security vulnerabilities (55%); knowing where and which open source versions are currently integrated and deployed (54%); and conforming to internal policies (44%).
“The 2017 Open Source 360 Degree survey responses correspond closely with our experience as we engage with businesses of all sizes in all industries around the world. Companies are using a tremendous amount of open source for sound economic and productivity reasons, but today most companies are not effective in securing and managing it,” said Black Duck CEO Lou Shipley. “This is surprising for a number of reasons. Today open source comprises 80% to 90% of the code in a modern application and the application layer is a primary target for hackers. This means that exploitation from known open source vulnerabilities represents the most significant application security risk most organisations face,” Shipley said.
The Open Source 360 Degree survey results show that open source vulnerability tracking and remediation remain primarily manual processes carried out by internal resources (53%). Only 27% of respondents reported automatic identification and remediation tracking of known open source vulnerabilities.
Shipley noted that the survey responses are “also very much in line with results in the open source audits we conduct for our customers.”
Black Duck’s On-Demand business unit conducts hundreds of open source code audits annually, primarily related to merger and acquisition transactions. The recently published Open Source Security and Risk Analysis (OSSRA) report on 1,071 applications audited during 2016 found both high levels of open source usage – 96% of the applications contained open source – and significant risk from open source security vulnerabilities – more than 60% of the applications contained open source security vulnerabilities.
Notably, in that Open Source Security and Risk Analysis (OSSRA) report, audited applications from the financial industry contained 52 open source vulnerabilities per application, and 60% of the applications contained high-risk vulnerabilities. The retail and e-commerce industry had the highest proportion of applications with high-risk open source vulnerabilities, with 83% of audited applications containing high-risk vulnerabilities.
This year’s Open Source 360 Degree Survey conducted by Black Duck’s COSRI is the successor to the former Future of Open Source Survey, co-presented for many years by Black Duck and North Bridge.
A detailed presentation of the complete Open Source 360 Degree Survey results will be available on the Black Duck Website on June 22 following a COSRI webinar discussion of the survey findings.
Related News
- 03:00 am

Descartes Systems Group, the global leader in uniting logistics-intensive businesses in commerce, announced that InterPost, a long established wholesaler for international mail and the e-Commerce parcel industry, has improved the efficiency of its customs clearance service using the Descartes e-Customs(TM) solution.
"As a parcel operator, express delivery makes up a lot of our business and requires us to be operational 24 hours a day, seven days a week," said John O'Brien, Consultant at InterPost. "With Descartes' cloud-based e-Customs solution, shipments can be cleared remotely during evenings, weekends and bank holidays. This saves time and is most efficient for our operations team, resulting in cost savings that can be passed on directly to our customers."
Descartes e-Customs is a secure, cloud-based solution that helps shippers and logistics service providers submit data anytime and anywhere to Her Majesty's Revenue and Customs (HMRC) in the United Kingdom and other government agencies. The solution also provides additional modular customs management capabilities. InterPost also uses Descartes e-Customs Enhanced Temporary Storage Facility (ETSF) and New Computerised Transit System (NCTS) compliance modules.
"We're pleased to help InterPost improve operational performance and better serve its customers," said Pól Sweeney, Vice President of Sales and Business Management at Descartes UK. "Descartes e-Customs is designed to offer businesses of all sizes with international shipping requirements a customs compliance solution that is easy-to-use, scalable and always accessible."
Related News

- 09:00 am

HCL Technologies (HCL), a leading global IT services provider, announces the launch of General Data Protection Regulation (GDPR) services to help organizations comply with EU GDPR regulation. The new GDPR regulation, which is mandated to be adopted by May 2018, extends the data rights of individuals and requires organizations to develop clear policies and procedures to protect personal data and adopt appropriate technical and organizational measures.
“In the digital era, privacy, security and personalization are the most significant issues facing corporations and individuals alike. Enabling GDPR compliance is not just about managing regulatory requirements but can also be a source of competitive advantage,” said Maninder Singh, Corporate Vice President and Head – Cyber Security & GRC, HCL Technologies. “HCL’s industry leading solutions, IT expertise and extensive European experience working with global corporations makes the company an ideal partner in this space.”
HCL’s comprehensive privacy framework and technology solutions are aimed at helping organizations to be prepared for the new obligations and requirements that the regulation will bring. With this regulation, the EU aims to give its citizens more control over how their personal data is used as well as provide businesses with a clearer legal structure with which to operate by standardising across the EU. HCL’s new service proposition focuses on assisting customers in the following three core areas:
- Assist clients in conducting the Privacy Impact Assessment (PIA) with respect to GDPR requirements and provide organizations with the information for crafting their compliance plan and approach.
- In conjunction with the client’s legal & privacy compliance group, identify gaps post privacy assessment and prioritize & assist in implementing process & technology measures that organizations must consider arising from GDPR to address technology controls & compliance requirements.
- Monitor and operate compliance status through technology solutions and systems.
The EU General Data Protection Regulation (GDPR) aims to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. The solutions for monitoring and operating compliance include system operation and privacy data surveillance, enabling detection and response without delay when data infringement occurs.
HCL’s Cybersecurity & GRC services bring together Consult, Design, Build and Manage services to provide 360° resilience to enterprises. These services are offered across the domains of Infrastructure Security; Applications Security; Identity Access & Management and Governance, Risk & Compliance.
Related News
- 02:00 am

SafeCharge, the leading payments technology company, today announced that it is partnering with Tencent Holdings, the leading provider of internet value added services in China, to add WeChat Pay, the booming payment service of the Chinese messaging giant and China’s most popular social media platform, to its global payments platform.
With more than 600 million monthly active user accounts in China at the end of December 2016, WeChat Pay is one of the most popular payment methods used by Chinese nationals today in and outside of China. A recent Counter Intelligence survey found that Chinese air travel to Europe increased by almost 20% in 2016, with travellers to Europe predicted to hit 90m by 2025. In 2016 Chinese tourists spent $87bn via OTA platforms, up 34% year on year.
By adding WeChat Pay to SafeCharge's global payments platform, both online and brick and mortar retailers in Europe are now able to accept this incredibly popular Chinese payment method in their own or local currency.
“This agreement with SafeCharge enables online merchants to offer Chinese visitors to Europe the opportunity to pay quickly and easily with their preferred payment method. Smoothing the payment experience and reducing the trouble of forex exchange means that European brands become far more accessible to Chinese tourists,” stated the Vice President of Tencent Holdings.
"SafeCharge continues the rapid development of its innovative payment platform. By making WeChat Pay available for retailers both online and in store, we demonstrate again our commitment to serve the world’s most demanding merchants looking for a strong global omnichannel payment solution," stated David Avgi, CEO, SafeCharge.
Related News
- 02:00 am

Finastra and IBM (NYSE: IBM) have reached an agreement to explore how the two companies can help customers transform their banking operations with IBM Cloud and Cognitive technologies. Finastra and IBM plan to bring IBM technology into the Finastra open architecture to enrich the digital retail banking experience and bring new innovations to market.
As part of the collaboration, Finastra intends to run its FusionBanking Essence core and digital solution on IBM Cloud. The companies will also work towards collaborating on both a Financial Crime and a Blockchain-based offering, and IBM plans to support Finastra as it develops retail banking proof of concepts and product demos, including provisioning multiple Watson APIs to infuse cognitive capabilities into its products.
“Our collaboration with Finastra brings together two long-standing industry leaders with a combined 80 years of experience in financial services,” said David Wilson, Vice President, IBM Cloud Business Partners. “We envision using our combined strengths to impact more organizations, from the largest banks to the newest crowdsourcing lender, to help them harness the disruptive power of cloud, cognitive and data.”
As part of the collaboration, IBM and Finastra will share thought leadership, developer and architecture resources around IBM Cloud, Watson and Blockchain technologies in order to create innovations that result in joint revenues through large scale transformational client engagements.
“More than a simple sales agreement, this pairing brings a new dimension to our relationship with IBM and creates an opportunity to build a platform for the banks of today and tomorrow,” said Nadeem Syed, CEO at Finastra. “Our open architecture and open approach enables us to embrace a wide ecosystem of partners, and as we enter a new era of banking where collaboration is a must, our relationship with a dominant player like IBM can extend our product offering and enable clients to access enhanced transformation capabilities.”
According to Gartner*, “The use of APIs in a number of domains, such as cloud computing, integration, application rationalization and mobile development, is well-established. APIs enable modularity in large software systems. In turn, modularity enables complex systems to scale, evolve and interoperate. In the past, APIs were an afterthought in the process of building and delivering solutions. But as IT environments have grown more complex, API management has become a discipline in itself, supported by an ecosystem of tool vendors and professional services firms.”
The FusionFabric.cloud architecture and open APIs from Finastra make it possible for IBM to incorporate its technology and cognitive capabilities directly into the Finastra banking solution. FusionFabric.cloud enables banks, Fintechs, consultants and students to collaborate in an app ecosystem for financial services.
Related News
- 07:00 am

Avaloq, an international fintech company and a leader in integrated and comprehensive banking solutions, announces that it has completed its transaction whereby global private equity firm Warburg Pincus acquires a 35% stake in the group. Under the partnership announced on 22 March 2017, Avaloq will be able to capitalise on Warburg Pincus’ expertise and network in the financial services and fintech sectors to accelerate the company’s long-term growth and value creation strategy.
The Avaloq group is an internationally leading fintech company. With its core banking software, the Avaloq Banking Suite, and its international network of BPO centres, Avaloq brings trustworthy and efficient banking to the world, delivered through great user experience.
With its integrated BPO services, Avaloq is the only independent provider for the financial industry to both develop and operate its own software.
Avaloq’s growing ecosystem comprises:
- Over 2’000 employees (FTEs) from 66 nationalities;
- 3 R&D centres in Zurich, Edinburgh and Manila, and 3 BPO centres in Lugano, Singapore and Berlin;
- More than 500 third-party developers that co-innovate with Avaloq;
- 155 banks and wealth managers in the most important financial centres worldwide which have chosen Avaloq technology to manage client assets worth over 4’000 bn CHF;
- 270 Raiffeisen banks in Switzerland which are served by ARIZON, a joint-venture of Raiffeisen Switzerland and Avaloq with over 300 employees.
Headquartered in Switzerland, Avaloq has branches in Berlin, Edinburgh, Frankfurt, Hong Kong, Leipzig, London, Lugano, Luxembourg, Madrid, Manila, Nyon, Paris, Singapore, Sydney and Zurich.
Related News
- 07:00 am

Sepaga EMI, licenced by the central bank of Cyprus to provide financial services for liquidity and foreign exchange, has integrated AU10TIX 2nd generation ID authentication and onboarding cloud services. The AU10TIX BOS platform, which already powers global majors, will help Sepaga streamline customer acquisition while strengthening fraud protection and KYC compliance and improving operating efficiency.
With AU10TIX 2nd generation automation in place, Sepaga can offer its clients simpler, quicker onboarding while enabling robust ID fraud prevention and KYC compliance. As a provider of international business companies offering a range of financial solutions for global payments, global receipts and secure transaction services, Sepaga benefits from a particularly wide coverage of ID document support, including multi-lingual support (incl. Chinese, Japanese, Cyrillic, Hebrew). Sepaga and its clients also benefit from the only operational 2nd generation ID document authentication and onboarding on the market today. The same technology already powers some of the world's biggest names, and is widely considered the imminent market standard for Secure Customer Onboarding in regulated markets. Utilizing the latest machine-learning and deep-learning algorithms, AU10TIX BOS can handle borderline image qualities and detect sophisticated ID forgery and counterfeiting attempts considerably faster and better than conventional solutions. AU10TIX BOS is the only 100% automated end-to-end automation of ID recognition, deep-authentication and record generation available today.
“We chose AU10TIX since key features of our services are delivering efficiencies, superior customer experience and security,” says Ms. Elena Kontou, Chief of Operations at Sepaga EMI. “Having intensively tested the AU10TIX technology we have established that it is simply superior to any other solution checked. This superiority was demonstrated across all key parameters: Performance, depth and breadth of authentication, processing speed and simplicity of use. In the test of real performance testing we have chosen the best solution out there. Best for our customers and best for us.”
Related News

- 08:00 am

A new collaborative report, released today by Cifas, the UK’s leading fraud prevention service, and LexisNexis® Risk Solutions, an information solution provider that helps organisations assess, manage and predict risk and part of RELX Group, highlights that company directors are one of the most at-risk groups for identity fraud. Nearly 19% of identity fraud victims are company directors, despite company directors comprising less than 9% of the UK’s population.
Furthermore, the report also identifies a trend where identity fraudsters targeting company directors are attempting to obtain credit files as a precursor to committing identity fraud. Nearly half (47%) of recorded identity frauds involving the fraudulent procurement of credit files from company directors took place in London and the South East, with 28% coming from the capital. This contrasts sharply with comparatively safe regions such as Wales and the North East, which each accounted for just 2% of these fraud cases.
The report utilises research spanning three and a half years of impersonation data extracted from the Cifas National Fraud Database, which contains the details of impersonation recorded by its member organisations, and further qualified with additional data provided by LexisNexis Risk Solutions.
Not only were company directors statistically more likely to be victims of fraud, but as with other victims they were also found to be at risk from multiple impersonations, with 17% of director-level victims suffering impersonation fraud more than once across the three and a half year period. This comes at a time when identity fraud is at an all-time high, having risen by over 68% since 2010 to almost 173,000 individual cases in 2016.
The report also shows that company directors who fell victim to fraud were likely to be younger than other groups who were impersonated. Nearly a third (28%) of director-level fraud victims were in their 30s. This contradicts any notion that identity fraudsters deliberately target older people based on their perceived affluence and status in life, and suggests that they instead find greater success with younger generations, who are likely to have a typically larger digital footprint.
Lady Barbara Judge CBE, Chairman of Cifas, commented on the report:
“With almost one in every two crimes a fraud or cybercrime, company directors are increasingly aware of the need to have the right systems and processes in place to protect their staff and customers from this growing threat. This research reveals that they themselves are at increased risk of identity fraud in comparison to the rest of the UK.
“There will always be more publicly available information about you if you run your own business compared to other individuals. I however would encourage company directors to do as much as possible to separate their personal and company personas. Limit the personal information you share on social media and professional networking sites, and proactively check your credit file and your accounts. The quicker you spot that your details have been used fraudulently, the easier it will be to limit the damage caused.”