Presentation is loading. Please wait.

Presentation is loading. Please wait.

04 October 2006 © 2006 Rhye Internet Solutions Limited 1 Open Source Security Is Open Source software more or less secure than proprietary equivalents?

Published byLiam Leavins Modified over 10 years ago

Similar presentations

Presentation on theme: "04 October 2006 © 2006 Rhye Internet Solutions Limited 1 Open Source Security Is Open Source software more or less secure than proprietary equivalents?"— Presentation transcript:

1 04 October 2006 © 2006 Rhye Internet Solutions Limited 1 Open Source Security Is Open Source software more or less secure than proprietary equivalents? Peter SJF Bance CEng MBCS CITP Technical Director, Rhye Internet Solutions Limited CESG and BCS Listed Security Adviser peter.bance@rhyeinternet.com

2 204 October 2006© 2006 Rhye Internet Solutions Limited The Arguments  Secure coding practices  Code audit / review  Developer motivation / integrity  Vendor liability / commitment  Distribution mechanisms  Vulnerability alerting / patching  Ownership, updates and maintenance  Security through secrecy (obfuscation)

3 304 October 2006© 2006 Rhye Internet Solutions Limited So who is right?

4 404 October 2006© 2006 Rhye Internet Solutions Limited Clearly, this is a grey area… The Open/Closed source decision will need to be made based on your situation, taking into account such factors as: Corporate policy Corporate policy Reliability requirements Reliability requirements Maintainability Maintainability Security requirements Security requirements In-house knowledge and skills In-house knowledge and skills

5 504 October 2006© 2006 Rhye Internet Solutions Limited The question: Is Open Source software more or less secure than proprietary equivalents? The answer? This will depend on your specific situation.

6 604 October 2006© 2006 Rhye Internet Solutions Limited We need a different approach…

7 704 October 2006© 2006 Rhye Internet Solutions Limited Risk Assessment 1.Information Assets (value/impact) – Confidentiality, Integrity & Availability 2.Business Domains (interconnectivity) 3.Attack groups 4.Capability / Motivation ≡ Threat 5.Compromise Paths 6.Opportunity / Deterrence ≡ Likelihood  Is the resultant risk acceptable?

8 804 October 2006© 2006 Rhye Internet Solutions Limited Only by assessing the risks associated with each individual requirement can we decide whether the “right” solution involves Open or Closed Source products.

9 904 October 2006© 2006 Rhye Internet Solutions Limited Summary There is no simple answer to the question of whether Open or Closed Source is more secure, and it may be dangerous to generalise. It is therefore wise to approach this issue on a per-project basis, founded on a realistic and pragmatic assessment of the business, technical and security risks involved. business, technical and security risks involved.

10 1004 October 2006© 2006 Rhye Internet Solutions Limited Further Information On Google (www.google.com): www.google.com  “open source” closed or proprietary research research quantify quantify empirical empiricalpeter.bance@rhyeinternet.com

Download ppt "04 October 2006 © 2006 Rhye Internet Solutions Limited 1 Open Source Security Is Open Source software more or less secure than proprietary equivalents?"

Similar presentations

Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
Alignment of COBIT to Botswana IT Audit Methodology

Alignment of COBIT to Botswana IT Audit Methodology
Information Technology – Guidelines for the Management of IT Security

Information Technology – Guidelines for the Management of IT Security
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Introducing Computer and Network Security

Introducing Computer and Network Security
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
1 Regulatory Impact Assessment: Methodology and Best Practices David Shortall INMETRO International Workshop on Conformity Assessment Rio de Janeiro, Brazil.

1 Regulatory Impact Assessment: Methodology and Best Practices David Shortall INMETRO International Workshop on Conformity Assessment Rio de Janeiro, Brazil.
1 Secure Your Business PATCH MANAGEMENT STRATEGY.

1 Secure Your Business PATCH MANAGEMENT STRATEGY.
1 Pertemuan 9 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >

1 Pertemuan 9 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >
Risk Management.

Risk Management.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
The decision of whether to establish and maintain an internal audit function or outsource the function should be made by the company’s.

The decision of whether to establish and maintain an internal audit function or outsource the function should be made by the company’s.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.

Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Similar presentations

Ads by Google