Cyber security problems are created by starting with a bad architecture or design or simply by a lack of knowledge and experience. Using an open security approach the security can be improved through collaboration. To improve security and privacy within digital worlds a number of aspects are of crucial importance:
- Open collaboration: This means that everyone can reuse and/or improve security and privacy related material (e.g. documentation).
- Use of open solutions: This means use OSS products for security and privacy services. Think about the use of simple encryption software: We have more trust in an open encryption solutions that one that is claimed by a company that is unbreakable.
- Learn from each other and from our mistakes. People make mistakes. We make bad designs that increases security problems instead of solving them.
Open security can be defined as an approach to use existing open knowledge in combination with the application of open source software (OSS) to help solve cyber security problems. OSS approaches collaboratively develop and maintain intellectual works (including software and documentation) by enabling us to use them for any purpose, as well as study, create, change, and redistribute them (in whole or in part).
So why use open source software for security and privacy applications? Open source software provides additional trust by allowing people to look into the source code whereas good OSS projects are completely transparent on all their SDLC and quality processes. When using OSS adjustments or improvements are easily made providing you with a flexible solution for your business.
Improvements will not come overnight and a paradigm shift is needed for many companies to be more open and transparent regarding their security and privacy designs. Open source for use in the field of security and privacy means easy reuse (code or ideas), to improve what is already there. Reuse would be in a way so everyone can benefit. That way the quality gets better and better.
Visit the T-DOSE Conference (Technical Dutch Open Source Event) on 28 and 29 November 2015 in Eindhoven to learn more on using Open Architecture approaches and Source Software for security and privacy challenges.
