DEV Community

Discussion on: I'm Joseph Jacks, founder of OSS Capital, ask me anything!

Bobby Yankou

Hey Joseph, I'm curious about your thoughts on the relationship of security and OSS. On the one hand, the "many eyes" philosophy suggests that OSS is a boon to security, while incidents like the Equifax breach suggest we are still faced with problems in this space. I'm personally hopeful for more sophisticated vulnerability scanning technology as a solution, but I'm curious what you think.

Joseph Jacks

I believe the Open Source paradigm holds the potential to unearth some of the best kinds of potential solutions to the world's security problems, on many levels. Network security: en.wikipedia.org/wiki/Snort_(softw... Data security. Hardware security: en.wikipedia.org/wiki/RISC-V ... Password security. Vulz/app-level security and more.

Trust is a fundamental element of security. The world's largest "on-demand hack me network" for companies (HackerOne) reverse engineers many elements of Open Source in terms of disaggregating a unit of work across anyone on earth in service of connecting the best hackers with the top companies who want to be hacked, to identify the best vulnerability solutions. Incentivizing them with bounties. HackerOne is doing extremely well. I think a purely commercial open source version of HackerOne (where the core infra/runtime was an open source project) could be very successful. Interestingly, the CEO of HackerOne is a friend and an incredible Open Source veteran: en.wikipedia.org/wiki/M%C3%A5rten_...