Anyone who has ever been to a security conference can testify that hackers are lovely. This might surprise some people given the competitive (and sometimes ego-driven nature) of our field, but it’s true.
I was at DefCon last year (as I am most years) and was struck by the wonderful, perhaps even familial nature of the proceedings. It was hot and crowded. Most people were jet-lagged and exhausted. Despite that, I still saw older, more seasoned members of the community enthusiastically showing newcomers the ropes. People were collaborating, and shared candidly what they had learned in the previous year. It was a beautiful sight.
But what I love most about the security world is that the spirit of mutual cooperation doesn’t end when the conferences do. This manifests itself in the tools that we, as security professionals, depend upon in our day-to-day business.
So much of our tool-belts consist of applications which were created by companies and individual members of the community, and subsequently released under open-source licenses without any expectation of payment.
You probably know many of these - OpenVAS, the Metasploit Framework, and WireShark are three great examples of open source security products which most of us use.
There are a number of reasons why InfoSec and open source are great bedfellows. Perhaps the biggest is that it’s completely democratized the security field. You can be working for a large consultancy firm with offices in all six continents, or you can be an independent researcher working from your bedroom, you’re still going to be working with the same kit. Unlike many other fields, money isn’t much of a barrier to entry when it comes to security.
The adoption of Open Source has also meant that the tools we use are in a perpetual state of improvement. Pull requests are filed. Bugs are rapidly quashed. Performance issues are fixed. This happens because anyone who is so inclined can contribute to the tools they use.
Given that this is an AlienVault blog, I’d be remiss if I didn’t mention some of the work we do with open source.
Take our Open Threat Exchange (OTX), for example, where thousands of security researchers share information on emerging security threats through our cloud platform. Many of the tools associated with it, such as our SDKs (software development kits) and connectors, are available through our corporate Github page.
Of course, perhaps our most well-known open source product is AlienVault OSSIM, which is available to download from our website, and is licensed under the permissive Gnu Public License (GPL) version 3.
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility. OSSIM also leverages the power of OTX by allowing users to both contribute and receive real-time information about malicious hosts.
We, continue to develop OSSIM because as a company, we see this as part of our social responsibility. We believe that people are ultimately more secure when they have the tools to defend themselves, and that everyone should have access to high-end security tools, regardless of their means.
But it’s worth noting that, in creating OSSIM, we were totally dependent on the open source community. The foundation of our offering is built upon the tens of thousands of man-hours that created products like Snort, Nagios, OSSEC, and Munin. We owe a huge debt to the people who created these programs, and then subsequently gave them away.
Today and going forward, we continue to work with the broader community of security professionals and practitioners who contribute in our forums. Exchanging ideas, tips, and helping each other resolve any issues.
Which brings us back nicely to what I love about the security field. Despite all the egos and the competition, there’s still a healthy undercurrent of mutual collaboration and assistance. While this thrives, we all benefit.