Intro: This Talk • Our favorite Open Source Security Tools • The project, people, tech, & involvement • Protecting your Code on GitHub • What Makes Awesome Open Source Projects
facebook/osquery: what? • osquery is an operating system instrumentation framework for OS X/macOS, Windows, and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. • Billed as “Deployable, Flexible, Fast and Tested” • Allows a system (or collection of systems) to be interrogated as a series of SQL tables
facebook/osquery: who? • Sponsored & managed by Facebook • 163 total contributors to facebook/osquery • Multiple open (and closed) source 3rd party related tools • Active Slack Channel with 599 members
facebook/osquery: tech? • Built using C++ • Data storage via Facebook’s RocksDB • Aimed at macOS & Linux originally, ported to Windows by Trail of Bits
The Project • Client-side, browser-based data manipulation UI • Packaged as a single HTML document with JS & CSS • Internally built and open sourced by a large organization
gchq/cyberchef: what? • The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis • An analyst-centric, browser-based tool for common data manipulation used in investigations
The Project • Created by an individual (Phillip!) for their own needs • A modern rewrite of legacy gamelinux/passivedns • Infrastructure Micro Service • Demonstrates the power one developer can have solving their own problem and sharing the result
The Project • Infrastructure as Code • Open source replacement for closed source tools • Built by a security consultancy and research organization then shared as open source
trailofbits/algo: what? • Set up a personal IPSEC VPN in the cloud • Ansible playbooks for creating a preconfigured IPSec VPN service on personal hardware or cloud providers
Yara-Rules/rules: what? • Repository of YARA rules • Yara is “The pattern matching swiss knife for malware researchers” (see virustotal.github.io/yara for more) • “Antivirus you update with a git pull” ~@tomchop_ • Makes it easier to identify malware or malicious patterns in various tools
As a Contributor • Fix your own problems. • Documentation & testing are highly underrated! • Look for issues marked help wanted. • Get involved and create something!
As a Maintainer • Consistency is huge. Get others involved as necessary. • Even if it means passing off a project. • Set expectations for contribution and behavior. • Mark issues for new contributors like help wanted or good first issue. • Use the tools: project boards, issue templates, CI, etc.
Testing & CI • Use tests to ensure code does what you expect • Require tests for new code • Require passing CI before merging • Static analysis tools like presidentbeef/brakeman • See github.com/mre/awesome-static-analysis
Community Management & Engagement • Comprehensive README describing the project & direction • Be responsive in issues & pull requests • Set expectations & hold people to expectations • Call out easy places to get started • Try: github.com/pengwynn/flint