Introduction
Simplify Security means: stop reinventing the wheel!
Make use of proven open solutions! So use and improve great FOSS cyber security solutions.
Using FOSS cyber security solutions gives key advantages:
Adaptability: You can improve or extend the tool to suit your specific needs.
Transparency: You can see and review the code. Or hire an expert company to review it for you!
Transparency: Reduced risk of hidden backdoors or malicious code.
Openness: Good FOSS security solutions have an open development and governance process. You should review the process that is used before using any security tool. Or hire an expert to review it for you! Companies or foundations that create FOSS security solutions should have nothing to hide. Remember that a specialized review is never free, so you should always compensate the FOSS project members for their time.
Cost: No expensive software licenses. So more resources are available for maintenance and for the boring manual security work that needs to be done. This cost-effectiveness allows resources to be allocated to other critical areas of cyber security.
Flexibility: No vendor lock-in. Multiple companies should be able to maintain and host the software for you.
Creating a FOSS tool that helps with cyber security is not hard. Automating the boring and labour-intensive work saves you time and money: time you can invest in activities that are very hard to automate.
Thousands of good FOSS tools have been created over the past 30 years that automate various tasks needed for a healthy security management process. However, only some FOSS tools are really sustainable and usable. FOSS cyber security tools often introduce new security risks of their own, so it is important that FOSS security tools too are created with a security-by-design mindset.
How to use FOSS security solution building blocks?
To avoid misunderstandings: using a FOSS solution does not mean do-it-yourself.
For critical FOSS security tools in your daily operation: you should always consider using a commercial company for installation, support or a service level agreement.
Validate that the software you use is and remains open, with a valid OSI-approved FOSS license. Do not use FOSS security solutions that are FOSS in name only.
Always consider supporting the developers or foundation behind the product. This means donating improvements back (code and documentation) and giving financial support to make sure the FOSS product and project stays healthy and alive.
There are millions of different FOSS cyber security products published and available. So the collection in this publication is a very opinionated selection. The core selection criteria are:
The product must have a valid FOSS license, i.e. an OSI-approved license.
The security product must be active and meet a minimal quality level.
The security product must have a version-controlled source repository that is publicly readable and has a URL. Ideally, of course, all projects would meet the minimal requirements outlined in the OpenSSF Best Practices Badge Program, but despite endless energy and effort this program is still not widely known.
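The selection criteria above, and the earlier advice to validate that a tool is and remains under an OSI-approved license, can be turned into a small intake check. The script below is an added example, not code from this publication or from any of the listed projects. It assumes a hypothetical Candidate record per tool, uses a deliberately small constructed subset of OSI-approved SPDX identifiers (the authoritative list is maintained by OSI), and treats one year without commits as "not active"; the "minimal quality level" criterion is left to manual review because it cannot be judged from metadata alone.

```python
"""Intake check for candidate FOSS security tools (added example, hypothetical data)."""
from dataclasses import dataclass
from datetime import date, timedelta
from urllib.parse import urlparse

# Constructed, deliberately partial subset of OSI-approved licenses by SPDX id.
# Assumption: a real check would load the full list published by OSI.
OSI_APPROVED = {"MIT", "Apache-2.0", "GPL-2.0-only", "GPL-3.0-only",
                "BSD-3-Clause", "MPL-2.0"}

MAX_INACTIVE_DAYS = 365  # assumption: one year without commits means "not active"


@dataclass
class Candidate:
    """Hypothetical metadata record for one candidate tool."""
    name: str
    license_id: str    # SPDX identifier as declared by the project
    repo_url: str      # URL of the version-controlled source repository
    last_commit: date  # date of the most recent commit


def evaluate(c: Candidate, today: date) -> list[str]:
    """Return the criteria the candidate fails; an empty list means it is accepted.

    The 'minimal quality level' criterion is not checked here: it needs a human
    review of code, issue handling and release practice.
    """
    failures = []
    if c.license_id not in OSI_APPROVED:
        failures.append("license: not OSI-approved (FOSS in name only?)")
    parsed = urlparse(c.repo_url)
    if parsed.scheme != "https" or not parsed.netloc:
        failures.append("repository: no publicly readable https URL")
    if today - c.last_commit > timedelta(days=MAX_INACTIVE_DAYS):
        failures.append("activity: no commits within the last year")
    return failures


def report(candidates: list[Candidate], today: date) -> dict[str, list[str]]:
    """Evaluate every candidate and map its name to the list of failed criteria."""
    return {c.name: evaluate(c, today) for c in candidates}


# Constructed sample data; names, URLs and dates are made up for illustration.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_CANDIDATES = [
    Candidate("GoodTool", "MIT", "https://example.org/good/tool.git",
              SAMPLE_TODAY - timedelta(days=30)),
    Candidate("NameOnlyTool", "SSPL-1.0", "https://example.org/nameonly/tool.git",
              SAMPLE_TODAY - timedelta(days=10)),
    Candidate("StaleTool", "Apache-2.0", "git@internal.example:stale/tool.git",
              SAMPLE_TODAY - timedelta(days=800)),
]

if __name__ == "__main__":
    for name, failures in report(SAMPLE_CANDIDATES, SAMPLE_TODAY).items():
        status = "ACCEPT" if not failures else "REJECT"
        print(f"{status} {name}")
        for f in failures:
            print(f"    - {f}")
```

Run it as-is to see one accepted and two rejected candidates; in practice the candidate records would be filled from the project's declared license file and repository metadata, and a rejection on the activity check is a prompt to look closer rather than a final verdict.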
Missing an important FOSS security product?
I would love to see your input!
Just create an issue on the GitHub repository,
or send me an email if you do not use GitHub due to privacy principles.
Security Solutions