Open Security Foundations#

  • Center for Internet Security (CIS) The Center for Internet Security (CIS) is a 501©(3) organization is dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. CIS’s Mission is to: Identify, develop, validate, promote, and sustain best practices in cybersecurity; Deliver world-class security solutions to prevent and rapidly respond to cyber incidents; and Build and lead communities to enable an environment of trust in cyberspace.

  • Global Encryption Coalition. The Global Encryption Coalition promotes and defends encryption in key countries and multilateral fora where it is under threat. The foundation also provides crucial resources to learn more on encryption.

  • IDPro Body of Knowledge The IDPro Body of Knowledge is a compilation of IAM crucial up-to-date knowledge. This content is created and reviewed by the IAM professionals. All articles are peer reviewed. Within this resource you can find an ‘IAM Reference Architecture’, articles on ‘Authentication and Authorization’ and more content regarding IAM (Identity and Access Management).

  • Open Source Technology Improvement Fund The Open Source Technology Improvement Fund is a corporate non-profit dedicated to securing open source apps that we all depend on. Securing software isn’t easy, and we know what it takes to succeed. By facilitating security audits and reviews, OSTIF makes it easy for projects to significantly improve security.

  • The Cyber Security Body Of Knowledge. A comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector. A great collection of resources that cover all aspects of cyber security.

  • The Shadowserver Foundation. Since our founding in 2004, The Shadowserver Foundation has become one of the world’s leading resources for Internet security reporting and malicious activity investigation. When we started, we were staffed entirely by volunteers. Today, we employ a full-time team and maintain a global infrastructure spanning 80 countries. Shadowserver scans the entire IPv4 Internet for over 100 different network protocols every day, and also performs IPv6 scans based on IPv6 hitlists for selected protocols. These are “hello” type port scans that do not exploit any vulnerability. Check the daily dashboard provided by this foundation.

  • Trusted CI: The Trusted CI Framework is a minimum standard for cybersecurity programs. The mission of Trusted CI Foundation is to improve the cybersecurity of NSF computational science and engineering projects, while allowing those projects to focus on their science endeavors. This foundation provides great templates and tools ready to use!

  • Objective-See Foundation Foundation focusses on free, open-source macOS security tools. And is known for organising the macOS security conference, “Objective by the Sea” (#OBTS).

  • OpenSCAP. The OpenSCAP project provides tools to improve security of your infrastructure using open source tools. This project is founded by RedHat and the tools are NIST certified. Use of the tools is encouraged if your systems or infrastructure needs to meet NIST (or other US) security standards.

  • Open Source IT Risk Management. Focuses on the Security Officers and on helping them in doing their daily business as comfortable as possible. The main goals of SOMAP.org are to develop and maintain:

  • Guides and Handbooks explaining and describing Risk Management.

  • an open and free ‘best practice’ Risk Model Repository with security objectives, threats and other risk related meta-data.

  • The OpenChain Project : A Linux Foundation project. The OpenChain Project is solely focused on commercial and non-commercial open source process management in the supply chain. Lots of resources and cc-by or cc0 licensed. Also the ISO/IEC 5230 developed by this project is available.

  • Trusted CI. Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities and have an established track record of usable, high-quality solutions suited to the needs of those communities. The team draws from best operational practices and includes leaders in the research and development of new methodologies and high-quality implementations. Trusted CI offers a great collection of valuable resources to help cybersecurity professionals. Almost all content is open and published under a Creative Commons Attribution-­NonCommercial 3.0 Unported (CC BY­NC 3.0) license.