Take a step forward from user to maintainer or developer in open source security related tools


A variety of high-quality open source security-related tools are available, including penetration testing tools, forensics tools, hardening tools, fuzz tools, and network monitoring tools. These tools can be used freely; however, we might face some issues while using them. Therefore, it is essential to have the ability to maintain or develop these tools. In these slides, SZ Lin introduces the Security Tools Packaging Team in Debian; this team aims to collaboratively maintain many security tools and merge back tools packaged by security-oriented Debian derivatives (e.g., Kali). SZ also shares his experience of discussing and collaborating with the maintainers and developers of open source security-related tools.


  1. Take a step forward from user to maintainer/developer in open source security-related tools. SZ Lin (林上智)
  2. /WHOAMI: SZ LIN (林上智) • Debian Developer • Cybersecurity Fundamentals Specialist • ISA/IEC 62443 • Blog - https://szlin.me
  3. Open Source Security Tools. src: http://www.capstone-engine.org/ src: https://nmap.org/ src: http://www.unhide-forensics.info/ src: https://virustotal.github.io/yara/ src: http://www.aircrack-ng.org/ src: http://www.openvas.org src: http://www.chkrootkit.org/ src: http://w3af.org/
  4. It’s a trend to use open source software; however…
  5. Evolution of Open Source Participant. Roles: User, Contributor, Maintainer, Developer. Borderlines: Explicit Borderline, Explicit Borderline, Implicit Borderline. Knows and uses software; Help with comments, feedback. Provide small features, bug fixes; Submit patches to maintainer. Provide big features, bug fixes; Submit patches with limited commit rights. Formally: Has commit with unlimited rights; Perform bulk of work; quality assurance.
  6. Basic Concepts in Using OSS: License Compliance, Sustainability, Quality Assurance, Preparedness Planning
  7. src: https://bits.debian.org/2019/07/upcoming-buster.html
  8. Debian Developer Locations
  9. Debian Derivatives. src: https://en.wikipedia.org/wiki/List_of_Linux_distributions#/media/File:DebianFamilyTree1210.svg
  10. Debian Derivatives • Ubuntu: Popularizing Linux around the world • Grml: Live system for system administrators. • Purism PureOS: FSF-endorsed rolling release, focused on privacy, security and convenience. • Tails: Preserve privacy and anonymity • Parrot: Security, development and privacy in mind. • Kali Linux: Security auditing and penetration testing.
  11. Basic Concepts in Using OSS: License Compliance, Sustainability, Quality Assurance, Preparedness Planning
  12. The Debian Free Software Guidelines: 1. Free Redistribution (may be freely modified and redistributed); 2. Source Code (source code must be available and must be compilable); 3. Derived Works (modification and the creation of derived works must be allowed); 4. Integrity of The Author's Source Code (integrity of the original author's source code); 5. No Discrimination Against Persons or Groups (no discrimination against any person or group); 6. No Discrimination Against Fields of Endeavor (no discrimination against use in any field); 7. Distribution of License (distribution of the license terms); 8. License Must Not Be Specific to Debian (the license terms must not be specific to Debian); 9. License Must Not Restrict Other Software (the license terms must not restrict other software); 10. Example Licenses (example licenses).
  13. “Commons Clause” License Condition v1.0. The Software is provided to you by the Licensor under the License, as defined below, subject to the following condition. Without limiting other conditions in the License, the grant of rights under the License will not include, and the License does not grant to you, right to Sell the Software. For purposes of the foregoing, “Sell” means practicing any or all of the rights granted to you under the License to provide to third parties, for a fee or other consideration (including without limitation fees for hosting or consulting/ support services related to the Software), a product or service whose value derives, entirely or substantially, from the functionality of the Software. Any license notice or attribution required by the License must also include this Commons Clause License Condition notice. src: https://commonsclause.com/
  14. src: https://redislabs.com/blog/redis-labs-modules-license-changes/ src: https://redislabs.com/community/licenses/ *Note: This is not an open-source license.
  15. Basic Concepts in Using OSS: License Compliance, Sustainability, Quality Assurance, Preparedness Planning
  16. Debian Long Term Support
  17. Debian Package Auto-Building
  18. Debian CI System
  19. Debian Reproducible Builds. src: https://tests.reproducible-builds.org/debian/reproducible.html
  20. Debian Packages Tracker
  21. Why Debian? Good system security: Everything is open; usually, fixed packages are uploaded within a few days. Stability: unstable → testing → stable. Scalability: Server, Desktop, Laptop, Embedded devices. Long term support: 5 more years by Debian-LTS project (i386, amd64, armel and armhf). Multiple architectures: alpha, amd64, armel, armhf, aarch64, hppa, i386, ia64, mips, mipsel, powerpc, s390, and spar. Incredible amounts of software: Debian comes with over 59000 different pieces of software with free
  22. Basic Concepts in Using OSS: License Compliance, Sustainability, Quality Assurance, Preparedness Planning
  23. Debian Teams [8]
  24. Debian Security Tools Packaging Team [6]. Task description: • Maintain correctly all security related tools. • Merge back tools packaged by security-oriented Debian derivatives. src: https://salsa.debian.org/groups/pkg-security-team/-/group_members
  25. Team-Maintained Packages. src: https://qa.debian.org/developer.php?email=team%2Bpkg-security%40tracker.debian.org
  26. Version Control System. src: https://salsa.debian.org/pkg-security-team
  27. Team IRC Channel. Public IRC channel: #debian-pkg-security on irc.debian.org (OFTC)
  28. Team Mailing List. src: https://lists.debian.org/debian-security-tools/
  29. Let’s Get Involved. src: https://wiki.debian.org/Teams/pkg-security
  30. Case Study
  31. Resources • Debian New Maintainers' Guide • https://www.debian.org/doc/manuals/maint-guide/ • Debian Packaging Tutorial • https://www.debian.org/doc/manuals/packaging-tutorial/packaging-tutorial.zh_TW.pdf
  32. References [1] https://resources.github.com/whitepapers/introduction-to-innersource/ [2] https://dirkriehle.com/wp-content/uploads/2018/05/Inner-Source-Ten-Years.pdf [3] https://www.oreilly.com/programming/free/files/getting-started-with-innersource.pdf [4] http://events17.linuxfoundation.org/sites/events/files/slides/OpenSourceSummitJP_2017_V01.pdf [5] https://www.debian.org [6] https://wiki.debian.org/Derivatives [7] https://wiki.debian.org/Teams/pkg-security [8] https://wiki.debian.org/Teams
  33. Debian Security Tools Packaging Team Package Tracker
