Published by Liam Leavins
Modified over 2 years ago
04 October 2006 © 2006 Rhye Internet Solutions Limited

Open Source Security
Is Open Source software more or less secure than proprietary equivalents?

Peter SJF Bance CEng MBCS CITP
Technical Director, Rhye Internet Solutions Limited
CESG and BCS Listed Security Adviser

The Arguments
- Secure coding practices
- Code audit / review
- Developer motivation / integrity
- Vendor liability / commitment
- Distribution mechanisms
- Vulnerability alerting / patching
- Ownership, updates and maintenance
- Security through secrecy (obfuscation)

So who is right?

Clearly, this is a grey area…
The Open/Closed source decision will need to be made based on your situation, taking into account such factors as:
- Corporate policy
- Reliability requirements
- Maintainability
- Security requirements
- In-house knowledge and skills

The question: Is Open Source software more or less secure than proprietary equivalents?
The answer? This will depend on your specific situation.

We need a different approach…

Risk Assessment
1. Information Assets (value/impact) – Confidentiality, Integrity & Availability
2. Business Domains (interconnectivity)
3. Attack groups
4. Capability / Motivation ≡ Threat
5. Compromise Paths
6. Opportunity / Deterrence ≡ Likelihood
Is the resultant risk acceptable?

Only by assessing the risks associated with each individual requirement can we decide whether the “right” solution involves Open or Closed Source products.

Summary
There is no simple answer to the question of whether Open or Closed Source is more secure, and it may be dangerous to generalise.
It is therefore wise to approach this issue on a per-project basis, founded on a realistic and pragmatic assessment of the business, technical and security risks involved.

Further Information
On Google (www.google.com):
- “open source” closed or proprietary
- research
- quantify
- empirical