Open-Source Security Contributions

Mike    May 23, 2013

Today, I want to write a followup to my previous post about open sourcing security. Specifically, it focused on a TED Talk describing an amazing experiment in which a recently diagnosed Mr. Iaconesi had open sourced his medical records in an attempt to decipher his condition using the greater good of the open-source community.

Obviously, cancer and security in the technology sense are two different things. However, I think the point was that Mr. Iaconesi was tapping into a greater good that open source software and technology has proven to exist.

A perfect example of this greater good effort in open source software is Brakeman. Brakeman is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities. In other words, this is a command line tool developers can use to check the code in their Rails application for common vulnerability patterns. There is also a plugin that can be used with the common Continuous Integration server, Hudson.

Brakeman is an example of the greater good spending time and energy making an open-source framework, Ruby on Rails, more secure with open-source software. Most application developers are not focused on security so a tool like this becomes extremely valuable. At the time of this writing, 23 developers have made contributions to Brakeman on Github.

Open Source Contributions

Graph displaying the number of contributions to Brakeman in Github, over the total lifetime of the project.

Ultimately, every developer using Rails in their application could benefit from the work of these 23 developers. The benefits could be something as trivial as catching code that could have allowed a SQL Injection Attack. However, anyone familiar with security knows that a SQL Injection Attack, relatively trivial to prevent in code, can lead to much larger things such as loss of sensitive information.

In Mr. Iaconesi’s case, maybe there is something trivial that the doctors or technicians are missing. Taking the example of Brakeman in open-source software, maybe a contributor will add something to his cancer discussion that may seem trivial, like preventing an Injection Attack, which will correlate to possibly preventing his cancer from spreading.

Brakeman is only one example of how security in the technology sense is benefitting from open-source projects. Because you are reading this, I am going to assume you are involved with security to some degree. I encourage you to find an open-source project to contribute to in some way. Maybe you can add something that on the surface seems trivial but is anything but when it comes to securing someone’s application. Contributing does not have to occupy a lot of time. Find a project that you can contribute to right away, even if the effort is small and get started. I’ve decided to fork Brakeman and plan to join the contributors there for the greater good.

Leave a Reply

Your email address will not be published. Required fields are marked *