David A. Wheeler's Blog
Sun, 24 Oct 2004
Speaking October 27 at “Open Source Enterprise Solutions Conference” of the Tech Council of Maryland
On October 27 I’ll be speaking at the
Open Source Enterprise Solutions Conference
in Rockville, Maryland.
This event is put on by the
Tech Council of Maryland.
My topic is security and open source software; those who’ve
read my books and
articles won’t be terribly surprised by the content.
I debunk extreme views like “open source is always more secure” and
“open source is never more secure,” for example.
One surprising thing is how many open source software / Free Software
(OSS/FS) security-related companies and projects
are based in Maryland.
There are quite a number!
They include:
- Sourcefire,
lead developer of the
most popular network intrusion detection system (IDS),
Snort.
Snort’s so popular that many other IDS systems accept its data format.
-
Bastille Linux,
an excellent Linux operating system hardening project.
-
Open Web Application
Security Project (OWASP),
headquartered in
Columbia, Maryland and sponsored by folks such as
Aspect Security.
OWASP publishes a very popular top ten, but they also have tools and
other projects.
-
The
Ferret Security Auditing Toolset
is a project from the University of Maryland.
-
Security-Enhanced Linux (SELinux), a research project that
added significant new access control capabilities to GNU/Linux
operating systems.
SELinux is now included in several Linux distributions.
-
There are many other consulting companies.
I did a quick search of the
companies providing OpenBSD support, and they included
Codefusion Internet Services of
Cumberland, Maryland,
who provide Unix-based consulting services to
small businesses and organizations, particularly
with *BSD Unix (OpenBSD, FreeBSD) and Linux systems.
My point is that there’s a lot going on in Maryland
that combines security with open source software, which is very interesting.
path: /oss | Current Weblog | permanent link to this entry