Open Source for Cyber Security

Prabath SiriwardenaSoftware Architect & Senior manager, WSO2

Free/Open Source Software, or FOSS, is software that is liberally licensed to grant users the right to study, change and improve its design since its source code is made available

¡  The freedom to run the program for any purpose ¡  The freedom to study and modify the program ¡  The freedom to copy the program so you can help your neighbor ¡  The freedom to improve the program and release your improvements to the public, so that the whole community beneﬁt

¡  The license should not prohibit free redistribution ¡  The program must include source code and must allow distribution in source code as well as compiled form ¡  The license must allow modiﬁcations and derived works, and must allow them to be distributed under the same terms as the license of the original software ¡  The integrity of the author’s source code and reputation must be maintained by requiring derived works to carry a diﬀerent name or version number from the original software ¡  The license must not discriminate against any person or group of persons

¡  The license must not restrict anyone from making use of the program in a speciﬁc ﬁeld of endeavor ¡  The rights attached to the program must apply to all to whom the program is redistributed, without the need for execution of an additional license by those parties ¡  The rights attached to the program must not depend on the program being part of a particular software distribution ¡  The license must not place restrictions on other software that is distributed along with the licensed software ¡  No provision of the license may be predicated on any individual technology or style of interface

http://news.netcraft.com/archives/2011/01/12/january-‐2011-‐web-‐server-‐survey-‐4.html

http://www.securityspace.com/s_survey/data/man.201007/mxsurvey.html

http://en.wikipedia.org/wiki/Usage_share_of_web_browsers

Lot’s of eye balls

Lot’s of [Expert] eye balls

Lot’s of [Expert] eye balls XML signature HMAC truncation authentication bypass DTD based XML attacks XML Signature Wrapping Attack The Java security bug Double.parseDouble("2.2250738585072012e-‐308");

Money can’t buy the best evaluation

Money c an’t buy the best evaluation AES IPSec PPTP

¡  Absence of meticulous evaluation ¡  Spurious open source ¡  Lack of sponsorship ¡  Lack of proper documentation

¡  Nessus ¡  Snort ¡  Nagios ¡  SpamAssasssin ¡  ClamAV ¡  OpenSSL ¡  OpenSSH ¡  Ossec HIDS ¡  Wireshark

http://paper.li	13
http://a0.twimg.com	4
http://blog.facilelogin.com	4
http://tweetedtimes.com	3

Open Source for Cyber Security

by Prabath Siriwardena on Oct 19, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

4 Embeds 24

Statistics

Open Source for Cyber Security — Presentation Transcript