SESSION ID: OST-T08 Open Source: Promise, Perils and the Path Ahead MODERATOR: Ed Moyle PANELISTS: Inigo Merino Partner SecurityCurve @securitycurve CEO Cienaga Systems @spoofo Dr. Kelley Misata CEO Sightline Security @k3133t Lenny Zeltser CISO Axonius @lennyzeltser #RSAC #RSAC Open Source at RSA! Mission: – Highlight new/useful tools that can help solve real world problems – Foster open source development in the security community Plan: – Organize the track as close to an open source project as possible: build a community of open source developers, advocates, enthusiastic enterprise users Program committee advisors (some unable to attend in person today): – – – – – – Inigo Merino Dr. Kelley Misata HD Moore Ed Moyle Daniel Stenberg Lenny Zeltser 2 Open source adoption in enterprise “Shift Left” = open source – Containers (Docker) – Orchestration (Kubernetes) – Service Mesh (Istio, Envoy) – CI/CD (Ansible, Puppet, Chef – as of 2019) Source: “Open Source Programs in Enterprise – 2019”, NewStack #RSAC Challenges and barriers to usage Source: GitHub (Open Source Survey), opensourcesurvey.org #RSAC #RSAC Call to action Source: Library of Congress, ppmsca 50554 Taking this forward (“how to apply”) This week: – Think about the security problems you’re trying to solve – chances are good the tools in this track can help with at least some of them Next week: – Engage with your firm’s open source management program (if there is one), or – Consider championing one (build consensus, find like-minded allies) if it doesn’t already exist Next month: – Keep an eye open for internal efforts that you may be “sitting on” that can help others (benefits to you include free marketing, low-cost support/improvements to tools you’re using anyway) Next year: – Consider submitting your projects/software/experiences to this forum (or others like it) 6 #RSAC