Posted on 08/18/2012 11:59:23 AM PDT by ShadowAce
One of the biggest lies told about open source is that it's insecure.
In letting just anyone use your code, that has to include the bad guys. They're bound to find a way to compromise it, the thinking goes.
But that's not the way it works in real life. Having every potential victim working on your neighborhood code watch turns out to deliver more security, not less.
Having everyone who might be the victim of an online break-in organized, finding bugs, writing and testing fixes, constantly improving security tools, works.
Don't believe me? Well, maybe you'll believe the National Security Agency or the Department of Homeland Security. The open source process works for them, too.
For a decade, one of the most popular intrusion prevention and detection systems has been Snort, created by Martin Roesch. But the company he built around that software, Sourcefire, only gives away the basic package. If you need extensions, if you want a more complete system, you have to pay. That code is controlled by Sourcefire.
There is nothing unusual in that. Many open-source businesses create free community and paid "enterprise" editions of their software. This is what Red Hat (RHT) is all about -- you can download Fedora Linux free or buy Red Hat Enterprise Linux. In both cases you get to see the code, but with the paid version you get the support needed to run it professionally.
But this model didn't work with Snort. The Department of Homeland Security, the military, and the NSA could not be "held hostage" to Sourcefire for improvements to the code, or for the specialized suite needed to protect the nation.
So the Department of Homeland Security got together with major contractors and formed their own open source project, the Open Information Security Foundation. OISF has its own intrusion system, called Suricata, whose syntax is based on Snort, so if you are accustomed to one you can use the other.
But Suricata will be a complete system, not just a "sniffer," as intrusion detection products are colloquially known. The whole Suricata suite will be open source. This process is now expanding, as I noted here at TheStreet.com on Monday.
In May, the National Security Agency co-hosted an Open Source Security Industry Day at a Johns Hopkins facility in Fort Meade, Md. As ZDNet's Steven J. Vaughan-Nichols reported, agency people described their needs for open source and urged suppliers to include open source in their offerings.
John Weathersby of the OSS-Institute, which is now affiliated with Georgia Tech in Atlanta, told me most of the day was devoted to small "breakout" sessions, where contractors answered hard, detailed questions put to them by key government customers. The affair wasn't just a series of sales pitches, he said. It was the first step in a negotiation.
Among the open source projects the NSA supports is Security Enhanced Linux (SE-Linux), for which it has developed an access control module called Flask, hosted at the University of Utah. Open source and security, in other words, do go together.
Open source can only provide tools. Procedures are also needed to assure that people maintain security. So the Cloud Security Alliance offers an integrated stack of such procedures, called the GRC Stack. GRC stands for Governance, Risk management and Compliance. This is maintained in an open process with the support of both contractors and software vendors.
Point is, open source and security do mix. They mix well. With more businesses moving toward cloud technology, much of it based on open source software, they are going to be doing a lot more mixing.
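The shared rule grammar the article mentions (Suricata's rule syntax is based on Snort's) is what lets one rule file load under either engine. As an added example, not code from the article, from Snort or from Suricata, the block below implements a minimal reader for that grammar: it parses the rule header (action, protocol, addresses, ports, direction) and a few common options (msg, content, nocase, sid), then evaluates constructed rules against constructed flow records. The network variables, rules, addresses and payloads are all made up for the example; real engines implement far more (pcre, flowbits, fast_pattern, protocol parsers).

```python
"""Minimal reader for Snort/Suricata-style IDS rules, run over flow records.

Added example only: not code from Snort, Suricata or the article. Network
variables, rules and flows below are constructed for illustration.
"""
import ipaddress
import re

# Constructed network and port variables, in the form a Snort/Suricata config defines them.
NET_VARS = {
    "$HOME_NET": ["10.0.0.0/8", "192.168.0.0/16"],
    "$EXTERNAL_NET": ["!$HOME_NET"],
}
PORT_VARS = {"$HTTP_PORTS": ["80", "8080"]}

# Rule header: action proto src sport -> dst dport (options)
HEADER = re.compile(
    r"^(?P<action>alert|drop|pass|reject|log)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$",
    re.S,
)


def addr_matches(spec, ip):
    """True if ip is covered by spec: 'any', a CIDR, a $VAR, or a '!'-negated spec."""
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip)
    if spec == "any":
        return True
    if spec.startswith("$"):
        return any(addr_matches(s, ip) for s in NET_VARS[spec])
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec, port):
    """True if port is covered by spec: 'any', N, 'low:high' (open ends allowed), a $VAR, or '!spec'."""
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    if spec == "any":
        return True
    if spec.startswith("$"):
        return any(port_matches(s, port) for s in PORT_VARS[spec])
    low, sep, high = spec.partition(":")
    lo = int(low) if low else 0
    hi = int(high) if high else (65535 if sep else lo)
    return lo <= port <= hi


def split_options(text):
    """Split the option body on ';' while leaving semicolons inside double quotes alone."""
    parts, cur, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    return parts + ([tail] if tail else [])


def parse_rule(text):
    """Parse one rule into a dict; options keep their order because nocase modifies the content before it."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError("malformed rule header: %r" % text)
    rule = m.groupdict()
    options = []
    for opt in split_options(rule.pop("opts")):
        key, _, value = opt.partition(":")
        options.append((key.strip(), value.strip().strip('"')))
    rule["options"] = options
    rule["sid"] = int(dict(options).get("sid", 0))
    return rule


def rule_matches(rule, flow):
    """Evaluate the header and every content: option against one flow record."""
    if rule["proto"] not in ("ip", flow["proto"]):
        return False
    if not (addr_matches(rule["src"], flow["src"]) and port_matches(rule["sport"], flow["sport"])
            and addr_matches(rule["dst"], flow["dst"]) and port_matches(rule["dport"], flow["dport"])):
        return False
    checks = []  # [pattern_bytes, nocase]; a bare 'nocase' applies to the preceding content
    for key, value in rule["options"]:
        if key == "content":
            checks.append([value.encode("latin-1"), False])
        elif key == "nocase" and checks:
            checks[-1][1] = True
    for pattern, nocase in checks:
        hay, needle = (flow["payload"].lower(), pattern.lower()) if nocase else (flow["payload"], pattern)
        if needle not in hay:
            return False
    return True


def evaluate(rules, flow):
    """Return the sids of every rule that fires on the flow."""
    return [r["sid"] for r in rules if rule_matches(r, flow)]


# Constructed rules: the same text loads under either engine's rule parser.
RULES = [parse_rule(r) for r in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Inbound SSH banner"; content:"SSH-2.0"; sid:1000001; rev:1;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Admin path requested (verify; may be legitimate)"; content:"GET /admin"; nocase; sid:1000002; rev:1;)',
]]

# Constructed flow records, as a capture or flow log would present them.
FLOWS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 51515, "dst": "10.0.0.7", "dport": 22, "payload": b"SSH-2.0-OpenSSH_8.9\r\n"},
    {"proto": "tcp", "src": "10.0.0.7", "sport": 40000, "dst": "198.51.100.9", "dport": 8080, "payload": b"get /ADMIN HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.7", "sport": 40000, "dst": "10.0.0.8", "dport": 22, "payload": b"SSH-2.0-OpenSSH_8.9\r\n"},  # internal SSH, not from $EXTERNAL_NET
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow["src"], "->", flow["dst"], flow["dport"], "sids:", evaluate(RULES, flow))
```

The third flow is the point of the network variables: an SSH banner on port 22 only fires sid 1000001 when the source is outside $HOME_NET, so the same rule text produces different alerts depending on how the operator defines the variables. The second rule shows why the option splitter must respect quotes (the msg contains a semicolon) and how nocase attaches to the content keyword before it.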
Yes, and he’ll be impeached for it and run out of Dodge, if he does get re-elected, which he shouldn’t. It’d take a complete foul-up by Romney to mess this one up.
Vote straight conservative! We must have the majority to impeach/expel/remove all the corrupt usurpers and run them all OUT!!
http://www.youtube.com/watch?v=GMk208Op1Jc
Chris Rea - Texas
DrO is in complete agreement with you two: The Marxist must go.
He’s very happy with the selection of Catholic Paul Ryan.
For now, we have ceased talking presidential politics.
:)
TYVM. My sound is awry. I’ll have to see to that in the morning. I can only see the video.
Sending *HUGS* to your Dr O..
;o)
LOL. He will accept and return!
What you said...
Yeah, the minority of FReepers carry this place.
The rest read the Drudge Report and post all day long, never actually taking a couple of minutes to read what has been ALREADY posted a half-dozen times here.
Makes me crazy...
My sons and their families, inccluding my US Marine grandson, are also with you, but they live in Kalifornia which I expect with go in the Marxist’s column.
I’ve just realized my “c” is stuck. Double cc’s in too many posts and I didn’t catch this one. Going for the cleaner right now. Looks like ice cream....oooops.
Blogs? Oh my.
I mean, it's always good policy to just stay OUT of crack houses. ;-)
Out of the 200,000 or more people who visit FR every day, sometimes many times a day, we have less than 2% of them who actually donate to help keep the site going.
BTTT
Please folks, donate something, even just $5.
Good post Sam Adams.
I finally have reached a point in my life where I can donate monthly. I’ve been here since August ‘98, so I’m starting my 15th year. Husband of Marie Antoinette, and the Lauren that we took to DC for the FreeRepublic March for Justice. That guy! Worked on the stage crew and everything.
I went through many crushing years of financial struggle, and I’m glad I can finally donate, so I signed up for the monthly.
I was really, REALLY annoyed that Romney won the nomination, but I got just as annoyed that, just when Romney is starting to show me just how much fight he has in him, and picked Ryan, the ONE GUY that has ever got in Obama’s face, that JimRob posts an anti-Romney thread that went over 4,000+ posts.
You can imagine my frustration. I’m donating to a guy that is working against the better of the two guys that are running for President. Damnit!
However, I used a link to that very thread to convert a Democrat leaning friend of a friend who is gay, and his main issue is gay marriage, and wouldn’t you know it, it worked? He’s voting Romney/Ryan.
I very nearly undid my monthly donation after the big 4k post anti-Romney thread, but I’m continuing on. Jim, I love ya man, but I have to vote for someone that can win, and it seems to me that Romney is willing to poke Obama right in the eye with a sharp Ryan-shaped stick. He can do math, and deal with reality, and I think it’s a huge step in the right direction. Gay stuff and abortion stuff is important, but right now it’s on my back burner. Save the country first then worry about stuff like that.
Good Morning onyx. Please put me on Sarah’s ping list.
Thank you.
Blessed and Happy Sunday!
Done! Thank you very much, dearest tillacum!
Hi, Jim, ‘Ace’... any chance of a ‘back door’ in any of this security hardware? ...especially that supported by USGvt?
BTW, it is great to hear you are back on your feet financially and can become a monthly contributor.
Seems that the more the technology grows the less secure we are. The systems I worked on in the Army 25 years ago were far more secure than the ones today.
Ya gotta help me out here - "already posted" (my one comment) is giving "our hard working FReepathon team members a hard time"? Really?
That's a comment that is regularly posted when a duplicate thread is found. As I was scrolling the latest posts, I saw the same graphic on several threads and the "already posted" seemed a semi-humorous throw away line.
Otherwise, I appreciate your taking the time to post your thoughts. I have heard it said that every man worth his salt thinks he can do a couple of things better than any other man -
1. Cook a steak
2. Coach a football team
I'd add a third
3. Run FR better than Jim Robinson.
All of us can take a fair shot at 1 & 2, #3 is not up for grabs.
Thanks for the ping to your strategic deliberations, Jim. It’s your creation. Do what you think best. But be sure to have a succession plan so you can eventually enjoy some years of retirement, trusting that your core values will be protected.