
How Open Source Benefits Cyber Security

Ian Lee
June 05, 2018


With the perpetual increase in cyber security requirements, it is foolish for DOE elements to not collaborate on common solutions to the same problems. This talk will highlight several recent instances where an open source approach, across government agencies, has significantly lowered the barriers to successful compliance and modernization of cyber security practices and IT assets. It will serve as a call to action to further combine our resources as we strive to do more with less.

Prepared by LLNL under Contract DE-AC52-07NA27344.



  1. LLNL-PRES-752254. This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344. Lawrence Livermore National Security, LLC. How Open Source Benefits Cyber Security. Department of Energy – Cyber Conference. Ian Lee, [email protected], 2018-06-05.
  2. Growing Compliance Requirements: DOE Orders; DHS Binding Operational Directives; OMB Memorandums; System Compliance (CIS / STIG Benchmarks); Vulnerability Scanning (Tenable); Audits; ...
  3. OWASP ZAP: “OWASP ZAP is more helpful to me because it’s open source because I can easily report and explain false positives to the open source maintainers, including reviewing the code to help identify why false positives are happening. When I have fewer false positives in my scans, I don’t have to do as much paperwork for my P-ATO.” — Britta Gustafson, GSA / 18F
  4. Science & Technology Review: “Our large collection of software is a precious Laboratory asset, one that benefits both Lawrence Livermore, and in many cases, the public at large.” - Bruce Hendrickson, Associate Director, Computation. https://str.llnl.gov/2018-01/comjan18
  5. Federal Source Code Policy (https://sourcecode.cio.gov): “Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software” — “Agencies shall make custom-developed code available for Government-wide reuse and make their code inventories discoverable at https://www.code.gov (“Code.gov”) […]” — “[…] establishes a pilot program that requires agencies, when commissioning new custom software, to release at least 20 percent of new custom-developed code as Open Source Software (OSS) […]”
  6. Federal Source Code Policy Compliance (1 of 3 out of 25) https://code.gov/#/policy-guide/docs/compliance/dashboard
  7. This document was prepared as an account of work sponsored by an agency of the United States government. Neither the United States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes.