Open Source for Cyber Security
Prabath Siriwardena Software Architect & Senior manager, WSO2
Free/Open Source Software, or FOSS, is software that is liberally licensed to grant users the right to study, change and improve its design, since its source code is made available.
- The freedom to run the program for any purpose
- The freedom to study and modify the program
- The freedom to copy the program so you can help your neighbor
- The freedom to improve the program and release your improvements to the public, so that the whole community benefits
- The license should not prohibit free redistribution
- The program must include source code and must allow distribution in source code as well as compiled form
- The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software
- The integrity of the author's source code and reputation must be maintained by requiring derived works to carry a different name or version number from the original software
- The license must not discriminate against any person or group of persons
- The license must not restrict anyone from making use of the program in a specific field of endeavor
- The rights attached to the program must apply to all to whom the program is redistributed, without the need for execution of an additional license by those parties
- The rights attached to the program must not depend on the program being part of a particular software distribution
- The license must not place restrictions on other software that is distributed along with the licensed software
- No provision of the license may be predicated on any individual technology or style of interface
http://news.netcraft.com/archives/2011/01/12/january-2011-web-server-survey-4.html
http://www.securityspace.com/s_survey/data/man.201007/mxsurvey.html
http://en.wikipedia.org/wiki/Usage_share_of_web_browsers
Lots of eyeballs
Lots of [expert] eyeballs
XML Signature HMAC truncation authentication bypass
DTD-based XML attacks
XML Signature Wrapping Attack
The Java security bug:
Double.parseDouble("2.2250738585072012e-308");
Money can't buy the best evaluation
- AES
- IPSec
- PPTP
- Absence of meticulous evaluation
- Spurious open source
- Lack of sponsorship
- Lack of proper documentation
- Nessus
- Snort
- Nagios
- SpamAssassin
- ClamAV
- OpenSSL
- OpenSSH
- OSSEC HIDS
- Wireshark