BSides Nashville 2015

We Built This and So Can YouWhy Open Source Matters

About:

● Tim Fowler - OSWP

● Security Consultant, mountainsec, LLC

● Asheville, NC

● @roobixx

2 of 412

Background:

● Christian

● Triathlete

● Generally a good guy

● Open Source developer

3 of 412

What is Open Source?

4 of 412...just kidding

Why does it matter?

...why does it matter to InfoSec?

How do I get started?

What is Open Source?

● Open source denotes software for which the original source code is made freely available and may be redistributed and modified.*

*This is the technical definition

Open Source is also...

● Philosophy

● Ideal

● Community

● Ecosystem

Open Source is aboutTRANSPARENCY

Open Source is aboutPEER PRODUCTION

Open Source is aboutDISTRIBUTION

Open Source does not start or stop with CODE...

...It starts with a conversation

...It starts with a conversation

Why does Open Source matter?● Open source matters for many reasons but

probably none more than it allows access without restriction

● The transparency of the source allows for audits and assessments of the code for potential issues

● It allows for some one to build upon the works of another to produce something that might not be possible otherwise.

Why Open Source matters?

● Open Source does not require you to have all the answers. Ideas and concepts can be collaborated on to solve very tough issues.

● Open Source allows for direct feedback on ideas and concepts. (not always enjoyable)

● Open Source matters because it empowers and enables people reach beyond their own capabilities.

...why it matters in InfoSec

InfoSec moves fast...very fast and open source allows for people to be in the know.

...why it matters in InfoSec?

● Shared knowledge base

– Everyone can see what we are seeing

– Results can be validated (or possibly disproved)

● Common goal

– We are hear to secure our systems, networks, people. It's hard enough as it is but why do it alone?

● Providing answers to questions that have yet to be asked by others.

How do you get started?

Open Source starts with a conversation

Start your own conversation!

Did you know you can contribute to an open source project and

never write a single line of code?

How to get started?

● Ask Questions

● Create a How To

● DOCUMENTATION!

● DOCUMENTATION!

● DOCUMENTATION!

DOCUMENTATION!!!!

Seriously, we are very bad at properly documenting processes

and you can help!

How to get started?

● Find a project

– Work to the current documentation

– Did it work?

– Yes? Awesome● No? Find out why, fix it and submit a pull request● Celebrate your first contribution to Open Source!

<RANT>