How does GDPR impact open source security expectations?

Your inbox is probably jammed full of emails talking about GDPR, the European Union’s comprehensive data privacy regulation regime that is set to come into effect on May 25.

The driving force behind GDPR is to formalize data protections across the European Union, giving citizens better control over how their data is handled and guarding them from abuse. A large component of this is setting expectations for how companies handle user data, whether they fall into the category of data processor or data controller.

This is hardly the first time that the EU has issued regulations on data and privacy, but it is causing such waves of stress globally because it forces all organizations that have EU citizens’ data to be compliant, regardless of where in the world they are located.

The past decade has seen an explosion in the amount of data that organizations are collecting on users. Beyond simple details like names and emails, many companies hold personally identifiable information (PII) like our addresses, social security/national identification numbers, and other bits that can be used to commit wide-scale fraud. This is not to mention financial information like credit card numbers, which are commonly stolen from poorly protected databases and sold on the dark web and other corners of the internet.

Amidst the scramble to make sure that your organization is compliant, cleaning out excess data and notifying your loyal customers, you might be missing out on one of the most important aspects of the regulation — namely keeping your applications secure.

Breaking Down the Role of Open Source in Application Security

Applications are the interfaces that allow us to access data, making them a prime target for attackers. Research by the Global Risk Management Survey in 2016 found that 84% of cyber attacks target the application layer, (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner. Read the original post at:

Gabriel Avner

Gabriel is a former journalist who loves learning and writing about the cat and mouse game of security. These days he writes for WhiteSource about the issues impacting open source security and license management, and trains in Brazilian Jiu-Jitsu.
