PubMatic releases OTT and CTV solution to enable better video streaming ads – AdNews


Digital technology company PubMatic has launched a new programmatic offering that enables connected TV (CTV) and over-the-top (OTT) ads to run seamlessly and improve the revenue that media owners get from their streaming video ads.

PubMatic co-founder and CEO Rajeev Goel flagged the new product earlier in the year, telling Business Insider that the company had put 40 people to work on building it.

OpenWrap OTT is a header bidding solution that will make it easier for publishers to sell and advertisers to access OTT and CTV inventory.

Until now, header bidding did not exist at scale for OTT inventory.

The new product has been developed to fix problems around ad frequency, ad pods and publisher yields, while also providing a "TV-like" experience for ads in OTT environments.

Some of the ad pod challenges it will solve include frequency capping, competitive exclusions and back-to-back ads.

An ad pod is a group of ads that play back-to-back in one commercial ad break, and the PubMatic solution is aimed at enabling marketers to better control when and how their ads run, especially not in the same pod as a competitor.

OpenWrap OTT is built on the open source software stack Prebid and will see PubMatic take on a competitor, the recently merged Telaria and Rubicon Project.

PubMatic vice president of video Jonas Olsen says the solution offers publishers and advertisers the next phase in programmatic advertising.

"The first priority for publishers and advertisers is to deliver a great, TV-like experience. OpenWrap OTT delivers for the viewer first, which in turn drives the business goals of our clients," Olsen says.

"Powered by Prebid, our independent solution offers the next generation in programmatic advertising for the rapidly emerging OTT and CTV channels."

In the US, clients including Kidoodle.TV, Limpid, Glewed TV, Interpublic Group (IPG) and MediaMath have already signed on to use OpenWrap OTT.


Open Source Geospatial Mapping Software to Help Solve Real-world Problems – GIM International

1904labs, a digital transformation consulting firm, and Bayer Crop Science, a division of German life sciences company Bayer AG, have jointly released a new geospatial mapping framework to the open source community. The framework, ol-kit, is a free, easy-to-use, map component toolkit built with React and OpenLayers and is compatible with many popular open source tools in the geospatial community.

Geospatial technology has captured the attention of the public eye in the current crisis with maps being created to track Covid-19 cases, essential supplies, and more. However, many existing mapping frameworks are costly or not robust enough to meet these crucial challenges. While geospatial tools are some of the most expensive and complex software, ol-kit gives anyone these comprehensive capabilities at no cost.

Bayer and 1904labs started working on this mapping framework four years ago. Internally, ol-kit is a backbone to many of Bayer's applications for managing fields and research experiments, monitoring yields, and more. These applications gather a huge amount of data. Without the interactive map, driven by ol-kit, it would be impossible to interpret the data.

"This is an important piece of functionality from which small businesses, governments and community organizations will see tremendous benefit. Contributing to the open source community wasn't something that our group had done before, but it was well worth the effort, and I can't wait to see how ol-kit is used," said Shaun Diltz, principal product manager at Bayer Crop Science.

With open source software, its core code is available for anyone to view, change or use in their own way free of charge. Typically more cost effective than proprietary software, open source software also benefits from community collaboration to make it better, more secure and stable.

Robin Carnahan, fellow at Georgetown University, and previous director of the state and local practice at the federal General Services Administration's tech consultancy team, 18F, said: "It's great to see a big international enterprise and a small business collaborating to create something really valuable for the larger community and to make it freely available to them. That's the power of open source."

As the use of location plays an ever-increasing role in our global economy, open sourcing ol-kit will enable small business and community organizations alike to leverage its geospatial capabilities to study and solve critical challenges that they previously may not have been able to afford to tackle. During the pandemic, smaller municipalities with minimal IT budgets can use ol-kit's fully customizable toolkit to analyse patterns within their communities to better contain the virus. It can also be applied to provide helpful insights and chart trends in areas like census tracking, election mapping and combating natural disasters such as wildfires.


Open Source Initiative Presents State of the Source – Press Release – Digital Journal

Open Source Initiative (OSI) today announces its first-ever global event, The State of the Source. The OSI invites open source communities of practice from around the world to organize and contribute to a global conversation on the current state of open source software.

"We are so very excited to host our first-ever conference, with a global approach," said OSI Board President, Josh Simmons. "State of the Source provides an opportunity for both the open source software community and the OSI - all those who have contributed so much - to reflect on how we got here, why we have succeeded, and what needs to happen now."

Call for Proposals

The Call for Proposals for sessions is open and accepting proposals through Friday, July 10, 2020! Tracks include:

For more information about State of the Source, the Call for Proposals, and Sponsorship opportunities, you're invited to visit https://opensource.org/StateOfTheSource

About Open Source Initiative

The Open Source Initiative (OSI) are the stewards of the Open Source Definition (OSD) and the community-recognized body for reviewing and approving licenses as OSD-conformant. The OSI is also actively involved in Open Source community-building, education, and public advocacy to promote awareness and the importance of non-proprietary software. The mission of the OSI is to educate about and advocate for the benefits of open source and to build bridges among different constituencies in the open source community.

The Open Source Initiative (OSI) is a California public benefit corporation, with 501(c)3 tax-exempt status, founded in 1998. For more information, visit https://opensource.org/about

Follow the full story here: https://przen.com/pr/33347399


OWEAR Opens Software and Datasets to Promote Technology in Research – Parkinson’s News Today

The Open Wearables Initiative (OWEAR) is making public its software and database for wearable sensors and other related health technologies to assist clinical research, Shimmer Research announced.

"We are proud to announce the release of the OWEAR database, which includes the organization's initial index of open source software and datasets, together with validation papers," Geoffrey Gill, president of Shimmer Americas and an OWEAR co-founder, said in a press release.

OWEAR is a collaborative effort that promotes the use of high-quality, sensor-generated measures of health in research by openly sharing and comparing algorithms and datasets. Aggregating this information can help in the development of new therapies and the use of digital medicine.

To do so, OWEAR will serve as a community hub to index and distribute open source algorithms. It will also identify well-performing algorithms in areas of high interest, while acting as a neutral broker in their benchmarking in select domains.

The OWEAR database consists of various open-source software and data sets from wearables and other types of sensors, which provide valuable diagnostic and prognostic information on a variety of disorders.

Part of the initiative includes the upcoming launch of the public phase of OWEAR's DREAM Challenges, the goal of which is to benchmark various measures of gait. Consistent and accurate gait measurements provide crucial diagnostic information about the state and progression of neurological disorders, including stroke, cerebral palsy, Parkinson's disease, traumatic brain injury, multiple sclerosis, and partial paralysis, as well as assessments of aging and cognitive function.

Measuring gait quality among Parkinson's patients has attracted considerable attention over the past decade, being used to monitor patient recovery, determine differences between normal and pathological physical signs, and to alert patients and caregivers to motor fluctuations related to the disease.

DREAM Challenges are crowd-sourced, collaborative science efforts aimed at overcoming challenges in biology and medicine. A few sponsorships for the OWEAR challenge are still available, Shimmer reports. More information is available by sending an email to [emailprotected]

Shimmer recently contributed its step-count algorithm to OWEAR. Measuring how many steps a person takes in one day is a common measure of healthy lifestyle, but because of the proprietary nature of many algorithms, data from different devices can be difficult to compare.

"By donating this open source algorithm, we hope to enable clinical researchers to use the same algorithm across wearables and projects and so gain access to much richer datasets," Gill said.

Gill will talk about these OWEAR initiatives during a presentation called "The Open Wearables Initiative: Helping Realize the Potential of Wearables to Revolutionize Clinical Trials" set for Friday, June 11, at 11 a.m. EST. The talk is part of the "Wearables and Medical IoT Interoperability and Intelligence" Virtual Talk Series being hosted by IEEE. Registration for this free webinar is available here.

Forest Ray received his PhD in systems biology from Columbia University, where he developed tools to match drug side effects to other diseases. He has since worked as a journalist and science writer, covering topics from rare diseases to the intersection between environmental science and social justice. He currently lives in Long Beach, California.


OPPO became the first platinum member of the OpenChain Project from Mainland China, in Support of OpenChain becoming an ISO Standard for open source…

SAN FRANCISCO, June 10, 2020 /PRNewswire/ -- In May 2020 in San Francisco, OPPO officially joined the ranks of the OpenChain Project as a platinum member. OPPO is the first Mainland China company to join the OpenChain Project, together with industry leaders from other countries and regions such as Google, Microsoft, Toyota and BOSCH, among others. OPPO will support building a greater, globally-adapted open source ecosystem by participating in the development of the open source ISO standards.

The OpenChain project is held by The Linux Foundation and was founded in October 2016. The main objective of the project is to build trust in using open-source software. The OpenChain Project makes the process of compliance with licensing open source software a simpler and more consistent process.

"With their help we are looking forward to inspiring and leading a diverse range of Chinese innovators, international manufacturers and global supply chain companies towards adoption of our industry standard", says Shane Coughlan, OpenChain General Manager. "I am looking forward to working with the team at OPPO to help ensure that companies of every size and in every market can continually have access to the most efficient, effective and appropriate approaches to managing open source."

As one of the few selected platinum members and the first one from Mainland China, OPPO was chosen not only because of its worldwide R&D strength in the consumer electronics tech sector, but also because of the huge supply chain network it has built over the years. This will be beneficial in promoting both open source technologies and the standards to both suppliers and end consumers, accelerating openness in technology development.

"OPPO values openness and collaboration greatly, ColorOS - its mobile operating system - is in the making to build a more open and collaborative ecosystem to developers and partners by opening source and integrating APIs," said Andy Wu, Vice President and President of Software Engineering Business Unit, OPPO. "We are delighted to join the OpenChain Project and establish a deeper engagement with the global open source community, trust with OPPO's presence in more than 40 global markets and research institutes across the world, we will be an active member in OpenChain Project to contribute to its long-term success and adoption with fellow partners."

As the first platinum member in Mainland China, OPPO is an important company in the consumer electronics sector. From the many smartphones it pioneered in bringing to market, like the Find X and Reno lines of devices, to the ColorOS operating system and internet services like HeyTap, OPPO strives to promote open source compliance globally, as well as in the smartphone and IoT industries.

In the future, OPPO is committed to providing strategic oversight on the governing board as well as actively assisting in steering the open source community towards continuous innovation by providing the combined experience of the over 40,000 employees in more than 40 countries and regions.

About ColorOS

ColorOS is a highly customized, efficient, intelligent, and richly designed Android-based mobile OS from OPPO. With over 350 million global users, ColorOS supports more than 80 languages, including English, Spanish, Dutch, Italian, Hindi, and Thai.

About OPPO

OPPO is a leading global smart device brand. Since the launch of its first smartphone - "Smiley Face" - in 2008, OPPO has been in relentless pursuit of the perfect synergy of aesthetic satisfaction and innovative technology. Today, OPPO provides a wide range of smart devices spearheaded by the Find and Reno series. Beyond devices, OPPO provides its users with ColorOS and internet services like HeyTap and OPPO+. OPPO operates in more than 40 countries and regions, with 6 Research Institutes and 4 R&D Centers worldwide, as well as an International Design Center in London. The recently opened, first-ever R&D centre outside of China, in Hyderabad, is playing a pivotal role in the development of 5G technologies. In line with OPPO's commitment to Make in India, the manufacturing at Greater Noida plant has been increased to 50 million smartphones per year. According to IDC, OPPO has ranked 4th among the top 5 smartphone brands in India with an 88.4% year on year growth in Q4 2019.


Launcher moves on to develop avionics for its satellite delivery system – 3DPMN

Launcher, an NYC startup developing the world's most efficient rocket to deliver small satellites to orbit, started by leveraging 3D printing to develop a high-performance propulsion system. In the space industry more than in any other segment, 3D printing is enabling small teams to get into the game and compete with industrial giants on getting stuff into orbit. Now the company is ready to move on to the next stage, avionics, and having established a valid and credible proposition, it was able to attract NASA JPL and SpaceX veterans Kevin Watson and Rich Petras to do so.

Avionics includes all the ground and vehicle fault-tolerant computers, electronics, wiring, and software for guidance & control, video, radio transmission, autonomous flight termination systems, and more. 3D printing may still play a role here in prototyping PCBs and in the production of custom enclosures.

Kevin Watson will head the team as Head of Avionics. He has over thirty years of experience designing hardware and software for rockets and spacecraft. He started his career at NASA/JPL where he developed expertise in the area of space radiation effects in complex integrated circuits. Kevin then went on to work on several JPL spacecraft and the development of Mars rover technologies. When he left JPL in 2008, he was group supervisor of the Advanced Computer Systems and Technologies Group, which is responsible for providing flight computer hardware to all JPL flight missions. During his tenure at JPL, Kevin directly worked on, or developed technologies for, the Galileo orbiter, Mars Pathfinder lander, Sojourner rover, Cassini orbiter, Mars Global Surveyor orbiter, Mars Phoenix lander, Spirit and Opportunity rovers, and the Curiosity rover projects.

In 2008 Kevin joined SpaceX to lead the development of flight computers for the Falcon 9 & Falcon Heavy rockets and Dragon spacecraft. He led the overall development of the fault-tolerant computing architecture for these vehicles. In addition, Kevin personally designed all computers and networking hardware used on these vehicles. This hardware was proven to be significantly more robust than the avionics typically used in aerospace, yet one to two orders of magnitude less expensive.

Rich Petras has joined as Head of Avionics Software. He has been working in the spacecraft avionics and embedded systems field for 35 years. He has long been an advocate for open source software and commodity hardware for spacecraft applications. His interests include space systems of all kinds, autonomous vehicles and robotics.

Rich Petras started his career working on the Space Shuttle and Space Station programs in Houston at IBM Federal Systems. He developed device drivers for flight hardware and ground systems for various operating systems including DOS, Windows, OS/2 and AIX. It was here that he was first introduced to Linux in 1992.

In 1996 Rich moved to JPL's research rover group where he was the first in the group to use Linux as a development platform for rover software. At JPL Rich worked with the team that developed a common rover software architecture (Claraty) that was the basis for many of the research rovers at JPL, culminating in the software used on Spirit, Opportunity and Curiosity. Rich was responsible for testing the autonomous navigation software for the MER rovers. As part of the MER rover operations team he spent several months living on Mars time and was one of 3 people to see the first images come back from Spirit.

In 2008 Rich joined the SpaceX flight software team of about 10 people. He was responsible for developing the microcontroller code for the COTS UHF Communications Unit (CUCU) and Crew Control Panel (CCP) that were used to communicate with the Dragon spacecraft as it approached the ISS. In less than 10 months CUCU went from concept to delivery to the ISS on the Shuttle. Rich also developed the ISS crew laptop software and procedures used to update the CUCU and CCP code onboard the ISS. When SpaceX developed its own fault-tolerant flight computers Rich developed the synchronization software running on a standard Linux kernel to prove that the open-source OS was capable of meeting the real-time requirements needed to control the Dragon and Falcon 9 vehicles.


GitLab Acquires Peach Tech and Fuzzit to Expand its DevSecOps Offering – AiThority

Today GitLab, the single application for the DevOps lifecycle, announced it has acquired Peach Tech, a security software firm specializing in protocol fuzz testing and dynamic application security testing (DAST) API testing, and Fuzzit, a continuous fuzz testing solution providing coverage-guided testing. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab's DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the first true DevSecOps platform to shift fuzz testing left with these new offerings being made available within the GitLab CI/CD environment.

"We believe GitLab provides best-in-class tools for the complete DevOps lifecycle on a single platform," said Sid Sijbrandij, CEO of GitLab. "Bringing the fuzzing technologies of Peach Tech and Fuzzit into GitLab's security solutions will give our users an even more robust and thorough application security testing experience while enabling them to shift security left. This simultaneously simplifies their workflows and creates collaboration between development, security, and operations teams."


In an era where open source software (OSS) continues to exponentially gain momentum and organizations push towards a zero-trust model, enterprise security concerns grow as potential threats and vulnerabilities extend the available attack surface to a point where even the largest businesses do not have the time nor resources to effectively assess their security posture. Fuzz testing, sometimes referred to as fuzzing, is the process of providing bad inputs to a program to find bugs, crashes, and faults that could be exploited. Successful automation of application security testing combined with a shift left DevSecOps approach empowers development and security teams to test early and often, as well as collaborate in managing and lowering the organization's overall security risk. The addition of both coverage-guided and behavioral fuzz testing into the DevSecOps toolchain helps organizations find vulnerabilities and weaknesses traditional application security testing and quality assurance (QA) testing techniques often miss as these findings may not be directly tied to a known vulnerability (e.g. CVE IDs).

Once Peach Tech and Fuzzit technologies are fully-integrated, GitLab Secure customers will no longer need to depend on standalone fuzz testing solutions to meet their application security testing needs. Instead, they will have a fully-integrated security solution, from Auto DevOps deployment of security testing to vulnerability management and remediation. Furthermore, these acquisitions will allow GitLab to accelerate its roadmap for interactive application security testing (IAST) by extending Peach Tech's DAST API security engine and Fuzzit's crash correlation technology.


"Providing GitLab users with the best security testing tools is key to GitLab's DevSecOps core mission," said Michael Eddington, Peach Tech founder and CEO. "The integration of Peach Tech's technologies expands GitLab's shift security left capabilities making the future of security and DevSecOps a reality today for all GitLab users."

"Fully integrating Fuzzit will make GitLab the first security solution that provides continuous coverage-guided fuzz testing natively within the CI/CD pipeline," said Yevgeny Pats, Fuzzit founder and CEO. "Fuzzit's support for multiple coverage-guided fuzzers combined with its crash analysis and correlation technology will add an important capability to the DevSecOps for GitLab users."

With the Peach Tech and Fuzzit technologies being incorporated into GitLab's DevSecOps platform, GitLab will further accelerate its application security testing roadmap to bring developers a native and seamless experience for discovering, fixing, and remediating security vulnerabilities and weaknesses.

GitLab provides accurate, automated, and continuous assessment of your applications, which enables users to proactively identify vulnerabilities and weaknesses to minimize security risk. GitLab's Secure stage is woven into the DevOps cycle to allow users to adapt security testing and processes, not as an additional step nor tool.


What is Tor? Everything you need to know about the anonymity network – The Daily Swig

Peeling back the layers of the onion

The Tor anonymity network receives no small amount of attention from the mainstream press, not least for its purported association with cybercrime and darknet drug dealings.

But what is Tor? And how secure is it? The Daily Swig asked several security and privacy experts to answer all of your questions, and many more.

Tor is an internet communication method for enabling online anonymity. The same term is commonly used to refer to both the anonymity network and the open source software that supports it.

The Tor name derives from The Onion Router, the name of a pioneering privacy project run by the US Naval Research Lab.

Tor directs internet traffic through a network of thousands of relays, many of which are set up and maintained by volunteers.

Messages are encapsulated in layers of encryption, comparable to the layers of an onion. Inside the Tor network are sites, or hidden services.

Tor facilitates anonymized browsing by allowing traffic to pass onto or through the network through nodes that only know the immediately preceding and following node in a relay.

The source and destination of messages is obscured by encryption.
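The layering described above can be shown with a short sketch. This is an added illustration, not Tor's code and not part of the original article: the relay names, random keys, destination and the SHA-256-based stand-in cipher are assumptions made for the example, whereas Tor itself negotiates a key with each relay and moves data in fixed-size cells.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), for illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def subkeys(key: bytes):
    """Derive separate encryption and authentication keys from one hop key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify and decrypt one layer; fails for any key but the intended relay's."""
    enc_key, mac_key = subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed (wrong key or tampering)")
    stream = keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def build_onion(path, destination: str, message: bytes) -> bytes:
    """path is [(relay_name, key), ...], entry relay first.

    Wrapping starts at the innermost layer (for the last relay) so that the
    outermost layer can only be opened by the first relay.
    """
    next_hops = [name for name, _ in path[1:]] + [destination]
    blob = message
    for (_, key), next_hop in zip(reversed(path), reversed(next_hops)):
        header = next_hop.encode()
        blob = seal(key, len(header).to_bytes(2, "big") + header + blob)
    return blob


def peel(key: bytes, blob: bytes):
    """What one relay does: remove its layer, learn only the next hop."""
    plain = unseal(key, blob)
    size = int.from_bytes(plain[:2], "big")
    return plain[2:2 + size].decode(), plain[2 + size:]


def route(onion: bytes, path, sender: str = "client"):
    """Pass the onion along the path and record what each relay could observe."""
    keys = dict(path)
    views = []
    previous, current, blob = sender, path[0][0], onion
    while current in keys:
        next_hop, blob = peel(keys[current], blob)
        views.append({"relay": current, "from": previous, "to": next_hop})
        previous, current = current, next_hop
    return views, current, blob


if __name__ == "__main__":
    # Constructed sample path and message; keys are random per run.
    demo_path = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
    wrapped = build_onion(demo_path, "example.org:443", b"GET / HTTP/1.1")
    seen, destination, payload = route(wrapped, demo_path)
    for view in seen:
        print(view)
    print(destination, payload)
```

Only the last relay in the path sees the destination and the inner message, which is why the article's later point about traffic being observable at the exit applies unless the message itself is protected, for example by TLS.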


The easiest way to access the Tor network is through the Tor Browser. The Tor Browser is automatically connected to the Tor network and will place all your requests through it, while ensuring anonymity.

In addition, the browser comes with added functionality that improves your security and privacy by disabling JavaScript, automatic image and video loading, and more.

The Tor Browser bundle is developed by the Tor Project, a non-profit organisation that carries out research as well as maintaining the software used by the Tor anonymity network.

The Tor Browser is currently available for Windows, Linux, and macOS. There's also a version of Tor Browser for Android but not, as yet, an official version for iOS.

The Tor Browser is just a web browser, and you can still view the surface internet or clear web using the software.

However, the Tor Browser offers an extra level of privacy for normal web use or as a way to bypass government surveillance and censorship.

Some sites on the so-called dark web can only be accessed using Tor.

Vince Warrington, managing director of Protective Intelligence, explained: "The dark web - primarily those sites that can only be accessed via Tor - is still generally the host to the illegal and illicit.

"Whilst there are some legitimate sites (for example, the BBC now has a version of the BBC News website) our research indicates that over 95% of sites contain illegal or illicit material," he added.

While most people are only familiar with Tor's use for illegal activities, such as accessing online markets that sell drugs, many other users access the Tor network.

These include:

Tor uses vary from bypassing censorship and avoiding online spying and profiling, to disguising the origin of traffic and hiding sensitive communications.

Tor offers anonymity, but only up to a point.

Those using the technology, and looking to keep their identity secret, also need to apply best practices in operational security (OpSec).

Charity Wright, a cyber threat intelligence advisor at IntSights and former NSA Chinese espionage expert, explained: "Tor is a browser that can anonymize your network connection and your IP address that you are logging on from.

"However, once you venture into illicit spaces, it is important to use pseudonyms and to hide your real name and never reveal your true location, nationality, or identifying pieces of information.

"Any small clue can be used for people to find out who you are. Even more, federal agencies and law enforcement will use every detail about an online persona to find a wanted suspect," she added.

Tor is easily accessible via the Tor Browser

Tor is aimed at providing anonymous communication, but there have been numerous examples of people whose identities have been unmasked despite using Tor.

For example, the FBI recently closed a criminal case against the owner of Freedom Hosting, a dark web service that ran on the Tor network.

In addition, several research projects have shown varying levels of successful attacks that either attempted to eavesdrop on Tor-encrypted traffic or identify users.


Protective Intelligence's Warrington commented: "It's a myth to think that using Tor (even with a VPN) gives you total anonymity. With the tools we are using nowadays we can slowly strip back the layers of anonymity to find out who is behind the computer.

"By using specialist software combined with open source intelligence - basically searching the surface, deep, and dark web for small snippets of information - we can build up a picture of a Tor user who is involved in illegal activity."

The era where Tor was a thorn in the side of law enforcement seems to be coming to an end.

Warrington explained: "In the UK, the police and intelligence agencies have access to these tools, and the only limitation on identifying users of the dark web is resources. There's simply not enough police dedicated to these kinds of investigations."

Tor has its limitations. Maintaining online anonymity is much more far reaching an exercise than simply using Tor.

Israel Barak, chief information security officer at Cybereason, told The Daily Swig: "Tor, at its core, only gives you network level anonymity. It won't help you with applications on your computer that retain your identity and provide your identity to the internet service providers.

"As an example, when an individual connects to Gmail, the computer or device you are using saves your identity, so you don't have to log on in the future.

"Tor will not protect your anonymity from this," he warned.


While the Tor network is designed to keep browsing habits away from service providers or webpage trackers, the most privacy-conscious users can go even further.

Boris Cipot, senior security engineer at Synopsys, added: "To achieve the highest level of anonymity, one would need to get rid of any installation of OS or software with tracking, thus allowing the user to enter the Tor network with a clean slate.

"This can be achieved with the use of Tails or Qubes OS, which run from a USB stick. They run fully in memory, so it is safe to use on existing hardware, but once activated, there is no trace of you."

The Tails operating system can be combined with Tor to help improve users' anonymity online

Using Tor to browse the web involves accepting trade-offs.

The Tor Browser gives a user considerable anonymity advantages over other web browsers, such as Edge, Firefox, and Chrome.

While standard browsers can leak data that goes a long way to identifying the user, even in private mode, Tor was designed with anonymity in mind.

Tor does, however, saddle the user with some significant limitations when browsing the internet.

For starters, browsing with Tor can be very slow, and so many people are unlikely to want to swap out their current browser.

Sluggish traffic speeds arise because data packets take a circuitous route through Tor, bouncing between various volunteers' computers to reach their destinations.

Network latency is always going to be a problem in this scenario, even if you're fortunate enough to avoid bottlenecks.

Tor also makes websites look like they were built 20 years ago, as much of the presentation and customization content of websites is stripped away by Tor, since these technologies can be used to identify the computer that's being used.

Opinions among experts are split over whether or not Tor has done much to directly affect browser development, but at a minimum the technology has done a great deal to raise awareness about privacy.

Chad Anderson, senior security researcher at DomainTools, commented: "I don't know how much we can attribute back to modern browser improvements due to Tor, but I think privacy issues have certainly become more focused."

"The browser shift to DNS-over-HTTPS, commonly called DoH, is a boost for user privacy and where DNS didn't work over Tor before, and in fact was an attack vector for de-anonymizing users, DoH fixes that," he added.

Anderson continued: "It used to be you could listen to traffic on a Tor exit node but now that SSL is near ubiquitous thanks to free certificates [from the likes of Let's Encrypt] that's less of an issue."

Arthur Edelstein, senior product manager for Firefox Privacy and Security, gave The Daily Swig a list of projects involving collaborations between Mozilla and Tor:

Current examples of Tor's development projects include proof-of-concept work on human-memorable names, a collaboration with SecureDrop, the open source whistleblowing system based on Tor, among other examples.

Tor Project representative Al Smith told The Daily Swig: "Currently, we only partnered with Freedom of the Press Foundation (FPF), but we want to continue expanding the proof-of-concept with other media and public health organizations in the future."

The Tor Project was recently obliged to lay off a third of its core staff in response to the coronavirus pandemic. The Daily Swig asked how the non-profit has sought to minimize the effect of this on development pipelines.

A representative of the Tor Project responded: "Because we are now a smaller organization, we are creating more projects where different teams (e.g., Browser, Network, UX, Community, Anti-Censorship) come together and work on the same issue, instead of working in isolated groups on disparate pieces of work."

"This is the approach we took to improve onion services for the Tor Browser 9.5 release," they added.

Despite the many and varied caveats about Tor that the security experts we spoke to raised, none made any suggestion that the technology was unsafe.

In a typical response, Charles Ragland, a security engineer at threat intel agency Digital Shadows, explained: "Generally speaking, as long as security updates are in place, and users are following privacy and anonymity best practices, yes, Tor is safe to use."

Read more here:
What is Tor? Everything you need to know about the anonymity network - The Daily Swig

How open source software vulnerabilities create risk for organizations – TechRepublic

Security flaws in open source software have increased and can take a long time to be added to the National Vulnerability Database, says RiskSense.

Open source software offers certain benefits over commercial products. As the source code is publicly available, developers can modify and tweak OSS applications to enhance their capabilities. Plus, the huge number of people who use these programs serve as a crowdsourced way to test their reliability and security. However, that doesn't mean OSS applications are immune from flaws and vulnerabilities.

In fact, when a security hole emerges in an open source product, the damage can be widely felt throughout all uses and reuses of the source code. A report released Monday by vulnerability management firm RiskSense describes the impact of security vulnerabilities on OSS.

For its report "The Dark Reality of Open Source," RiskSense found that the total number of CVEs (Common Vulnerabilities and Exposures) in OSS is on the rise, more than doubling to 968 in 2019 from 421 in 2018 and 435 in 2017. The increase doesn't seem to be an anomaly as the number of new CVEs has stayed at a high level (178) during the first three months of 2020.

Further, OSS vulnerabilities often take a long time to get added to the US National Vulnerability Database (NVD), a valued resource for information on security flaws. RiskSense discovered that the average time between the public disclosure of a vulnerability and its inclusion in the NVD was 54 days. A total of 119 CVEs had lag times of more than a year, while almost a quarter had lag times of more than a month. The longest lag time seen was 1,817 days for a critical PostgreSQL vulnerability.

The lags were observed across all severities of vulnerabilities, with critical vulnerabilities having some of the longest average lag times, according to the report. The long waits create a risk for organizations and users who rely on the NVD as a primary source for data on security bugs.

Some OSS applications are plagued with more vulnerabilities than are others. The Jenkins open source automation server had the most CVEs with 646, while MySQL came in second with 624. These two OSS products tied for the most weaponized vulnerabilities (those exploited in the wild) with 15 each. HashiCorp's Vagrant had only nine CVEs, but six of them were weaponized. Such OSS products as Apache Tomcat, Magento, Kubernetes, Elasticsearch, and JBoss all had security flaws that were popular in real-world attacks.

Among the vulnerabilities found in OSS, cross-site scripting (XSS) and input validation were among the most common and the most weaponized. XSS issues were the second most common but the most weaponized, while input validation issues were the third most common and the second most weaponized. Other vulnerabilities that were much less common yet still popular in cyberattacks were deserialization issues (28 CVEs), code injection (16 CVEs), error handling issues (2 CVEs), and container errors (1 CVE).

On the plus side, of the 978 vulnerabilities seen in 2019, only 15, or 1.5%, were weaponized. And among the 2,694 total vulnerabilities that RiskSense tracked over the past five years from 2015 through the first three months of 2020, only 89, or 3.3%, of them were weaponized. Still, OSS vulnerabilities can be a "blind spot" for many organizations who may not be aware of all the open source projects and dependencies found in the applications they use.

"While open source code is often considered more secure than commercial software since it undergoes crowdsourced reviews to find problems, this study illustrates that OSS vulnerabilities are on the rise and may be a blind spot for many organizations," RiskSense CEO Srinivas Mukkamala said in a press release. "Since open source is used and reused everywhere today, when vulnerabilities are found, they can have incredibly far-reaching consequences."

Read more:
How open source software vulnerabilities create risk for organizations - TechRepublic

OWEAR release Open Source Software and Datasets Database for its website – BSA bureau

OWEAR database includes the organization's initial index of open source software and datasets, together with validation papers

Shimmer Research, a global leader in wearable technology for research applications, today announced that the Open Wearables Initiative (OWEAR) has uploaded its open-source software and datasets database for wearable sensors and other connected health technologies to its website at www.owear.org.

"We are proud to announce the release of the OWEAR database, which includes the organization's initial index of open source software and datasets, together with validation papers," said Geoffrey Gill, president of Shimmer Americas and an OWEAR co-founder. "This is an evolving resource and we are actively encouraging researchers to continue to register algorithms and datasets at www.owear.org so we can achieve our shared goal of creating high-quality, sensor-generated health measures that can help streamline drug development and enable digital medicine."

Shimmer's latest OWEAR contribution is its step-count algorithm. "There are so many proprietary step-counting algorithms in use, which generate different results from the same data, that clinical researchers cannot compare data across studies employing different wearable sensors. By donating this open-source algorithm, we hope to enable clinical researchers to use the same algorithm across wearables and projects and so gain access to much richer datasets," explained Mr. Gill.

OWEAR is also launching the public phase of a DREAM Challenge which will benchmark measures of gait later this year. Generating accurate and consistent gait assessments is extremely important because they serve as a diagnostic and prognostic tool for neurological conditions, such as stroke, cerebral palsy, Parkinson's disease, traumatic brain injury, multiple sclerosis, and partial paralysis; a general assessment of aging; and as a proxy for assessing cognition.

DREAM Challenges crowdsource solutions to important biomedical and bioinformatics research problems, and then evaluate the solutions objectively to identify the best one. A few sponsorship opportunities remain for this first OWEAR DREAM Challenge.

Mr. Gill will discuss these OWEAR initiatives further during his IEEE Wearables and Medical IoT Interoperability & Intelligence (WAMIII) Workshop presentation entitled "The Open Wearables Initiative: Helping Realize the Potential of Wearables to Revolutionize Clinical Trials" at 11 a.m. ET on June 11. Registration for this complimentary webinar is available at https://standards.ieee.org/events/wamiii/virtual-talk-series-2020.html.

Original post:
OWEAR release Open Source Software and Datasets Database for its website - BSA bureau