How Open Source Benefits Cyber Security

Ian Lee
June 05, 2018

With the perpetual increase in cyber security requirements, it is foolish for DOE elements to not collaborate on common solutions to the same problems. This talk will highlight several recent instances where an open source approach, across government agencies, has significantly lowered the barriers to successful compliance and modernization of cyber security practices and IT assets. It will serve as a call to action to further combine our resources as we strive to do more with less.

Prepared by LLNL under Contract DE-AC52-07NA27344.



  1. LLNL-PRES-752254. This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344. Lawrence Livermore National Security, LLC. How Open Source Benefits Cyber Security. Department of Energy – Cyber Conference. Ian Lee, 2018-06-05.
  3. Django Con 2015 – Opening Keynote
  4. Why am I passionate about Open Source? Leave things better than you found them.
  5. Growing Compliance Requirements
    § DOE Orders
    § DHS Binding Operational Directories
    § OMB Memorandums
    § System Compliance (CIS / STIG Benchmarks)
    § Vulnerability Scanning (Tenable)
    § Audits
    § ...
  6. OMB M-15-13: Require Secure Connections

  32. OWASP ZAP
    § “OWASP ZAP is more helpful to me because it’s open source because I can easily report and explain false positives to the open source maintainers, including reviewing the code to help identify why false positives are happening. When I have fewer false positives in my scans, I don’t have to do as much paperwork for my P-ATO.” — Britta Gustafson, GSA / 18F

  35. What are we doing?

  37. LLNL Open Source Presence

  38. LLNL Open Source Engagement

  39. LLNL Open Source Activities

  41. Science & Technology Review
    “Our large collection of software is a precious Laboratory asset, one that benefits both Lawrence Livermore, and in many cases, the public at large.” - Bruce Hendrickson, Associate Director, Computation
  43. Federal Source Code Policy
    § “Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software”
      — “Agencies shall make custom-developed code available for Government-wide reuse and make their code inventories discoverable at (“”) […]”
      — “[…] establishes a pilot program that requires agencies, when commissioning new custom software, to release at least 20 percent of new custom-developed code as Open Source Software (OSS) […]”

  46. Federal Source Code Policy Compliance (1 of 3 out of 25)

  50. US Government Organizations on GitHub

  52. Thank You! @IanLee1521 // @LLNL_OpenSource

  53. This document was prepared as an account of work sponsored by an agency of the United States government. Neither the United States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes.