The security of open source code have been in the news lately, what with Heartbleed, Shellshock, and Poodle. And the world has been learning that open source code is now widely used everywhere, from big enterprises to small businesses. As someone who has spent many years working with open source tools, I was happy to present a webinar recently on the urgent and important issue of how to keep them secure. You can watch and hear the recorded webinar in the player below.
Topics that I talked about include how the open source world works, and how code sprawl creates opportunity for fast progress, security holes, new forks, and constellations of psuedo-related things that form a “program”. I also talk about whether the open-source model is secure. Is closed-source more secure? Does open source scale to enterprise security? I looked at a couple of recent exploits and vulnerabilities (and headlines). I also reviewed what I call the “Enterprise open-source security toolbox” which includes: Puppet/Chef – server build control/automation; Git/SVN/CVS – version your code to manage it; Surricata/Snort IDS/IPS – share rules to community; ELSA/Syslog frameworks – centralized log management; and Nessus/OpenVAS – scan your boxes.
I hope you find this webinar helpful. (Note that you may be asked to register to watch, but there is no charge, and you only have to register once to see a whole bunch of security webinars recorded by myself and my fellow researchers.)
Author Cameron Camp, ESET