Choice has long been a defining feature of the world of free and open source software, and the constellation of options only gets bigger every year. Often it’s brand-new projects causing the increase, but sometimes the growth happens in another way, when tools that were developed for a company’s internal use get opened up for all the world to see, use and improve.
That, in fact, is just what has been happening lately on a grand scale in the security arena, where numerous major companies have been opting to open the doors to their own in-house tools. Google, Facebook and Netflix are all among the companies taking this approach, and it’s changing the security landscape significantly.
“Security is never going to work if it continues in a vacuum, with everyone keeping their tricks and observations secret,” McCall Paxton, a security consultant with Netlogx, told Linux.com. “People like me earn our living in security, but we will continue to be outpaced and collectively outsmarted unless more things become open source. From monitoring programs to tools, it boils down to time — none of us has it alone, but we have it in spades when we are together.
“You can have a very strong team of 20 people working on your security product, or you can leverage not only your dedicated team but the thousands of people who are a part of the open source community,” Paxton added. “In essence, you have just increased your team a hundredfold.”
Ready for a rundown of some of the key security products to join the open source world recently? There’s definitely no shortage.
10 Newly Open Source Security Tools
* Nogotofail. Originally built by Google’s Android security team, Nogotofail “provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations,” in the words of Chad Brubaker, an Android security engineer. The tool works for Android, iOS, Linux, Windows, Chrome OS and OS X. “We’ve been using this tool ourselves for some time,” Brubaker explained earlier this month. “Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet.”
* Osquery. Facebook’s Osquery, meanwhile, targets enterprises with a tool focused on SQL-powered operating-system instrumentation and analytics. “With Osquery, you can use SQL to query low-level operating-system information,” the project site explains. “Under the hood, instead of querying static tables, these queries dynamically execute high-performance native code. The results of the SQL query are transparently returned to you quickly and easily.”
* Security Monkey, Scumblr, Sketchy. Netflix has been on a roll when it comes to open sourcing software in general. In June it was Security Monkey that got open sourced, with a focus on monitoring and analyzing the security of Amazon Web Services configurations. More recently, it was Scumblr and Sketchy, two security-related Web applications.
* RAPPOR. Also from Google, RAPPOR — short for Randomized Aggregatable Privacy-Preserving Ordinal Response — is designed to anonymously crowdsource statistics from end-user client software without invading users’ privacy. In the words of its creators, “RAPPORs allow the forest of client data to be studied, without permitting the possibility of looking at individual trees.”
* OpenSOC. Just last week, Cisco announced an open source security analytics framework called OpenSOC. Aimed at helping organizations leverage big data for security, the new tool provides a platform for the application of anomaly detection and incident forensics to data loss. “By integrating numerous elements of the Hadoop ecosystem such as Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation,” explained Pablo Salazar, a Cisco security solutions manager. “It also provides a centralized platform to effectively enable security analysts to rapidly detect and respond to advanced security threats.”
* Firing Range. Also last week, Google released Firing Range, an open source security scanning tool. “The scanner is built entirely on Google technologies like Chrome and Google Cloud Platform, with support for the latest HTML5 features, a low false positive rate and ease of use in mind,” explained Claudio Criscione, a security engineer at Google.
* Conceal. Also from Facebook is Conceal, an open source tool released earlier this year that’s essentially a set of Java APIs to perform cryptography on Android and make storage more secure and lightweight. “We created Conceal to be small and faster than existing Java crypto libraries on Android while using memory responsibly,” explained Facebook software engineer Subodh Iyengar.
* VirusTotal. Last but not least, it’s also worth mentioning Google’s free VirusTotal online scanning service. After open sourcing its uploader for Mac OS X and Linux in July, VirusTotal earlier this month rolled out a new tool focused specifically on Linux malware.