adventures in open source software dealing with security
play

Adventures in Open Source Software: Dealing with Security Life in - PowerPoint PPT Presentation

Mar 23, 2024 •104 likes •563 views

Adventures in Open Source Software: Dealing with Security Life in the pkgsrc security team By Sevan Janiyan What is pkgsrc Cross platform packaging system 23 listed platforms in 2015Q3 release notes Strive to keep local changes minimal

  1. Adventures in Open Source Software: Dealing with Security Life in the pkgsrc security team By Sevan Janiyan

  2. What is pkgsrc Cross platform packaging system 23 listed platforms in 2015Q3 release notes Strive to keep local changes minimal (co-ordinate with upstream) Focus on portability Limited arch cross-compile support (NetBSD only) Somewhat consistent build across platforms however Easily auditable and adaptable

  8. Advisories

  11. "We never contacted FreeBSD or NetBSD because we didn't spend enough time to check kame.net. To be honest NetBSD is a pain to deal with. To install FreeBSD or NetBSD takes hours I don't have. I got the offer to give a subversive anti- authoritarian talk at TA3M. I sent a friendly request to my colleagues. I wrote it up. My colleagues published the vulnerability to SourceForge. Now I'm doing the full disclosure and advertising necessary to get people to switch." https://www.altsci.com/ipsec/ipsec-tools-sa.html

  12. Advanced Information Security Corp

  14. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided

  15. ftp://ftp.netbsd.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities

  16. Project Websites

  20. Programming with libxml2 is like the thrilling embrace of an exotic strange. It seems to have the potential to fulfil your wildest dreams, but there’s a nagging voice somewhere in your head warning you that you’re about to get screwed in the worst way.

  21. Commercial Repositories

  23. OpenSSL

  24. new OpenSSL flaw

  26. Key components & Deadware

  27. libwmf CVE-2004-0941 CVE-2007-0455 CVE-2007-2756 CVE-2007-3472 CVE-2007-3473 CVE-2007-3477 CVE-2009-3546 CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696

  28. Jasper CVE-2008-3520 CVE-2008-3522 CVE-2011-4516 CVE-2011-4517 CVE-2014-8137 CVE-2014-9029

  29. Widely Deployed

  30. Wordpress The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities have been fixed in Wordpress, the popular blogging engine.

  31. PHP

  32. KVM/QEMU/Xen

  33. http://xenbits.xen.org/xsa/advisory-149.html Deployment of the PATCH (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. However deployment of the (RE)BOOT LIMIT MITIGATION is NOT permitted (except where all the affected systems and VMs are administered and used only by organisations which are members of the Xen Project Security Issues Predisclosure List). Specifically, deployment on public cloud systems is NOT permitted. This is because applying domain creation and reboot limits in connection with a security issue would be a user-visible change which could lead to the rediscovery of the vulnerability.

  34. Co-ordinating with Upstream

  35. “Hacking Team, the GPL-violating Italian company who sells surveillance software to human rights abusers” - Matthew Garrett Why improving kernel security is important

  36. stunnel

  43. musl libc / Alpine Linux

  44. GCC / Binutils

Recommend

Adventures in Open Source Development The Good, the Bad and the Ugly Gina Huge

Adventures in Open Source Development The Good, the Bad and the Ugly Gina Huge

4 - 11 September 2020 Adventures in Open Source Development The Good, the Bad and the Ugly Gina Huge gina@octoprint.org Gina Huge 37 years old Software engineer Maker Hobby baker 100% Nerd Creator &

189 views • 18 slides
Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source Licenses: GPL vs. LGPL vs. MIT/Apache Foundations: Linux, Apache, Eclipse, Similar: Open Data, Open Hardware, Open Knowledge, ... Advantages of OS

508 views • 13 slides
1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

Open Source Idea? SHARE and the Origins of Open The basic idea behind open source is very simple: When programmers can read, Source Software: 1953-1972 redistribute, and modify the source code for a piece of software, the software evolves.

530 views • 8 slides
Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD)

Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD)

Design principles for 5G Toward a new paradigm, All-IT Network architecture Unbundling Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD) Unbundled Function Blocks Open Source Hardware (OCP,

180 views • 15 slides
What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

462 views • 14 slides
What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

878 views • 16 slides
1 Distribution of work: new functionality Distribution of work: fixes 7 8 Who reports

1 Distribution of work: new functionality Distribution of work: fixes 7 8 Who reports

The case for open source software Open Source Software Why Open Source Software / Free The process, the outcome Software (OSS/FS)? Look at the Numbers! David A. Wheeler The heat, the light Revised as of September 30 2004

464 views • 9 slides
BeyondCorp: Beyond fortress security BA.net Private Cloud Office Open Source Software Freedom,

BeyondCorp: Beyond fortress security BA.net Private Cloud Office Open Source Software Freedom,

BeyondCorp: Beyond fortress security BA.net Private Cloud Office Open Source Software Freedom, flexibility, low cost, no vendor lock-in, no jumping through monopoly license hoops, byod, local software, hybrid cloud, retire old firewalls, new

763 views • 32 slides
Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security 2. Usability 3. Visibility First Point of View: Security... Software Software Operating System Kernel Firmware Hardware Software Software

783 views • 62 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source Software Amazing times for Open Source Software! Commercial Success Fantastic Success of Open Source Based Businesses! RedHat Acquired by IBM

1.19k views • 52 slides
December 7, 2015 - January 25, 2016 What is open source? Computer software where the source

December 7, 2015 - January 25, 2016 What is open source? Computer software where the source

December 7, 2015 - January 25, 2016 What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes

423 views • 15 slides
Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview

Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview

Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview Open Source hardware (This is the smallest font) Business model Example circuit, concept -> production Make circuit boards with Open

806 views • 78 slides
Open Source software for libraries Presentation at ECCHRD meeting Budapest, 30-31 May 2011

Open Source software for libraries Presentation at ECCHRD meeting Budapest, 30-31 May 2011

Open Source software for libraries Presentation at ECCHRD meeting Budapest, 30-31 May 2011 Open-source software (OSS) is computer software of which the source code and certain rights are provided under a license that allows others to study,

186 views • 15 slides
Ut Utilizing lizing Free e Op Open n So Source ce So Software are and nd Op Open n

Ut Utilizing lizing Free e Op Open n So Source ce So Software are and nd Op Open n

Ut Utilizing lizing Free e Op Open n So Source ce So Software are and nd Op Open n Data a in the Crop rop Su Suitability ability Anal alysis sis of Adlai dlai for or Cl Climat mate e Ch Change nge Adap daptation ation

670 views • 15 slides
U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com

U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com

U:Kit open source software and hardware smoke detector Slavey Karadzhov slav@attachix.com Agenda Dream Team Creating U:Kit a smart device that is open source software and open source hardware. and created with/for

173 views • 16 slides
Everyone wants (someone else) to do it Writing documentation for open source software Welcome

Everyone wants (someone else) to do it Writing documentation for open source software Welcome

Everyone wants (someone else) to do it Writing documentation for open source software Welcome Mike Pumphrey Projects Community Advocate OpenGeo Suite mike@boundlessgeo.com OpenGeo Training github.com/bmmpxf GeoServer Open Source

822 views • 46 slides
mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a

mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a

mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a vast increase in adoption of open source software solutions across the private enterprise, government associations and organizations, industries.

581 views • 18 slides
Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric

Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric

Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric Promislow ActiveState Software Inc. OpenKomodo: Own Your IDE Copenhagen, Denmark April 2, 2008 1 History Perl for Windows Active Python,

820 views • 65 slides
Open Source secure software updates for Linux-based IVI systems Arthur Taylor, CTO, ATS Advanced

Open Source secure software updates for Linux-based IVI systems Arthur Taylor, CTO, ATS Advanced

Open Source secure software updates for Linux-based IVI systems Arthur Taylor, CTO, ATS Advanced Telematic Systems Abstract Cyber security and vehicle recalls are two of the hottest topics in automotive software development right now.

351 views • 23 slides
Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source

Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source

Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source Software Leon Anavi Konsulko Group leon.anavi@konsulko.com leon@anavi.org FOSDEM 2018 Agenda Home automation and smart lightning Open

422 views • 30 slides
PANEL TITLE: A free choice for Europe: encouraging an independent Open Source industry

PANEL TITLE: A free choice for Europe: encouraging an independent Open Source industry

PANEL TITLE: A free choice for Europe: encouraging an independent Open Source industry James Lovegrove, Red H Director, EMEA public Po European Parliament Open Source Software Hearing Brussels, 16 May 2019 OPEN SOURCE SOFTWARE IS ALL

360 views • 22 slides
Free and Open Source Software T ools for Making Open Source Hardware Leon Anavi Konsulko Group

Free and Open Source Software T ools for Making Open Source Hardware Leon Anavi Konsulko Group

Free and Open Source Software T ools for Making Open Source Hardware Leon Anavi Konsulko Group leon.anavi@konsulko.com Embedded Linux Conference Europe 2017 23-25 October, Prague, Czech Republic Agenda Open source hardware Free and

488 views • 34 slides
Presentation Overview Introduction - motivation Software requirements Open source

Presentation Overview Introduction - motivation Software requirements Open source

Low-Cost Internet Synchronous Distance Education Using Open-Source Software J. Mark Pullen and Priscilla M. McAndrews Networking and Simulation Laboratory, C 3 I Center George Mason University Fairfax, VA 22030

638 views • 10 slides

More recommend