Open security is the use of
open source
Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
philosophies and methodologies to approach
computer security
Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
and other
information security
Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data ...
challenges.
Traditional application security is based on the premise that any application or service (whether it is
malware
Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...
or desirable) relies on
security through obscurity
In security engineering, security through obscurity is the practice of concealing the details or mechanisms of a system to enhance its security. This approach relies on the principle of hiding something in plain sight, akin to a magician's slei ...
.
Open source approaches have created technology such as
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
(and to some extent, the
Android operating system
Android is an operating system based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen-based mobile devices such as smartphones and tablets. Android has historically been developed by ...
). Additionally, open source approaches applied to documents have inspired
wiki
A wiki ( ) is a form of hypertext publication on the internet which is collaboratively edited and managed by its audience directly through a web browser. A typical wiki contains multiple pages that can either be edited by the public or l ...
s and their largest example,
Wikipedia
Wikipedia is a free content, free Online content, online encyclopedia that is written and maintained by a community of volunteers, known as Wikipedians, through open collaboration and the wiki software MediaWiki. Founded by Jimmy Wales and La ...
.
Open security suggests that security breaches and vulnerabilities can be better prevented or ameliorated when users facing these problems collaborate using open source philosophies.
This approach requires that users be legally allowed to collaborate, so relevant software would need to be released under a license that is widely accepted to be open source; examples include the Massachusetts Institute of Technology (MIT) license, the Apache 2.0 license, the GNU Lesser General Public License (LGPL), and the GNU General Public License (GPL).
Relevant documents would need to be under a generally accepted "open content" license; these include Creative Commons Attribution (CC-BY) and Attribution Share Alike (CC-BY-SA) licenses, but not Creative Commons "non-commercial" licenses or "no-derivative" licenses.
On the developer side, legitimate software and service providers can have independent verification and testing of their source code. On the
information technology
Information technology (IT) is a set of related fields within information and communications technology (ICT), that encompass computer systems, software, programming languages, data processing, data and information processing, and storage. Inf ...
side, companies can aggregate common threats, patterns, and security solutions to a variety of security issues.
See also
*
Kerckhoffs's Principle
Kerckhoffs's principle (also called Kerckhoffs's desideratum, assumption, axiom, doctrine or law) of cryptography was stated by the Dutch cryptographer Auguste Kerckhoffs in the 19th century. The principle holds that a cryptosystem should be secu ...
*
OASIS (organization)
The Organization for the Advancement of Structured Information Standards (OASIS; ) is an Trade association, industry consortium that develops Technical standard, technical standards for information technology.
History
OASIS was founded under ...
(Organization for the Advancement of Structured Information Standards)
*
OWASP
The Open Worldwide Application Security Project (formerly Open Web Application Security Project) (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of Io ...
(Open Web Application Security Project)
*
Open government
Open government is the governing doctrine which maintains that citizens have the right to access the documents and proceedings of the government to allow for effective public oversight. In its broadest construction, it opposes reason of state a ...
*
Homeland Open Security Technology
Homeland Open Security Technology (HOST) is a five-year, $10 million program by the Department of Homeland Security's Science and Technology Directorate to promote the creation and use of open security and open-source software in the United State ...
*
Open source
Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
*
Open source software
Open-source software (OSS) is Software, computer software that is released under a Open-source license, license in which the copyright holder grants users the rights to use, study, change, and Software distribution, distribute the software an ...
*
Open-source hardware
Open-source hardware (OSH, OSHW) consists of physical artifact (software development), artifacts of technology designed and offered by the open-design movement. Both free and open-source software (FOSS) and open-source hardware are created by th ...
References
{{reflist
Free software culture and documents
Free culture movement
Cybersecurity engineering