Open source is a double-edged sword for information security.
On the one hand, security professionals rely on countless open source security software tools, frameworks, and data and intelligence sharing platforms to carry out their work.
On the other hand, attackers have access to the same tools. And without highly-skilled experts from a Cyber Security Company, open source software, both in security operations and elsewhere in the data center, can itself pose security risks. Open Source Software (OSS) poses familiar cybersecurity challenges. This is why testing software is important.
The importance of open source tools
According to a survey released late last month, by Aqua Security, most security professionals are in favor of using open source security software and tools.
In the survey of 100 CISOs at Fortune 1000 companies, 70% said that open source security solutions and other cybersecurity training resources offered a faster way to secure their environments.
“Open source permeates the data center,” said Mike Parkin, cyber engineer at Vulcan Cyber. “If you’re using tools to monitor your data center – a lot of those are open source. I was a penetration tester, and there are tons of open source tools in that world.”
Parkin suggested that to familiarize yourself with the subject, one resource to start with is OWASP’s list of free open source application security tools.
The SANS Institute also has a collection of open source security tools built by its instructors, he added.