Figure 1: O31E Lab overview
*O31E is an abbreviation of "Open Source Security Lab as a Service". The term "O31E" is derived from its spelling, indicating the number of characters between the letters O and E.
Organizations can leverage the open-source security program to
- Strengthen their open-source security posture
- Reduce time to evaluate open source projects
- Reduce the cost of open source security assessment
- Enhance agility in securing and implementing open source based applications
- Increase open source adoption without compromise on security
- Increase developer productivity and developers’ focus on security
The community is key to any open source project. The Be-Secure community is responsible for supporting and maintaining Be-Secure project tools and sandbox environments used for regular assessment of open source security stacks.
The open source security program also focuses on leveraging the open source community to develop and sustain the Be-Secure platform. The community will help identify new open source technology stacks, proactively flag potential vulnerabilities in open source components, and contribute new security assessment environments. This community involvement leads to the assessment of the open source stack and triggers the generation of patches to create trusted and verified open source software (TAVOSS).
Creating a partner network for open source security
As part of the open source security program, we intend to develop a network of trusted security partners to collaborate on defining security assessment models for open source technology stacks and open source security best practices. We will aggregate the service offerings from our security partners to offer cutting-edge open source security capabilities at platform scale.
The open source security program helps drive awareness of open source security among organizations and open source community members. It also gives organizations access to standardized security assessment services that align with the open source security stacks. Today, many open source projects/components are consumed in a predefined manner without exploring the possibility of interoperability across open source technology components. The program helps to address this shortcoming by offering customized environments, pre-bundled with various open source projects. The program enables open source developers to access the best practices/tools/projects and sandbox environments needed to secure open source projects. Utilization of the Be-Secure open source technology stack will drive the efficiency of open source security assessments.
Wipro’s open source security program expects to drive greater adoption of open source technologies, enhance awareness of open source and open source security, bring together cybersecurity expertise covering all domains of security, and enable continuous security assessment to address changing security needs of open source projects.
About the Authors
Global Head Open source & Blockchain Security, Cybersecurity & Risk Services, Wipro
Vinod is a Distinguished Member of Technical Staff, Senior Member and Chief Architect. He has over 21 years of experience in software development and product architecture. Vinod currently leads the open source and blockchain security initiatives for the cybersecurity practice at Wipro. He is an expert in decentralized identity, blockchain security, building open source solutions, community-led tools development, open-source licensing, and re-engineering of products.
Sumod Rajan George, PMP
Sr. Project Manager, Cybersecurity & Risk Services, Wipro
Sumod has over two decades of experience in software development, managing various projects and programs for business domains, such as retail, finance, healthcare, and transportation. He is currently part of the open source and blockchain security practice team with CRS, which focuses on security for open source and blockchain technology-based solutions.