There are a variety of high-quality open source security-related tools available, including penetration testing tools, forensics tools, hardening tools, fuzzing tools, and network monitoring tools. These tools can be used freely; however, we might face some issues while using them. Therefore, it is essential to have the ability to maintain or develop these tools. In these slides, SZ Lin introduces the Security Tools Packaging Team in Debian; this team aims to collaboratively maintain many security tools and merge back tools packaged by security-oriented Debian derivatives (e.g., Kali). SZ also shares experience in discussing and collaborating with open source maintainers and developers of open source security-related tools.
Take a step forward from user to maintainer or developer in open source security related tools
1. Take a step forward from user to maintainer/developer in open source security-related tools
SZ Lin (林上智)
2. /WHOAMI
SZ LIN (林上智)
Debian Developer
Cybersecurity Fundamentals Specialist
ISA/IEC 62443
Blog - https://szlin.me
4. It’s a trend to use open source
software; however…
8. Evolution of Open Source Participant
User, Contributor, Maintainer, Developer
Explicit Borderline, Explicit Borderline, Implicit Borderline
• Knows and uses software
• Help with comments, feedback
• Provide small features, bug fixes
• Submit patches to maintainer
• Provide big features, bug fixes
• Submit patches with limited commit rights
• Formally: Has commit with unlimited rights
• Perform bulk of work; quality assurance
14. Debian Derivatives
• Ubuntu
  • Popularizing Linux around the world
• Grml
  • Live system for system administrators.
• Purism PureOS
  • FSF-endorsed rolling release, focused on privacy, security and convenience.
• Tails
  • Preserve privacy and anonymity
• Parrot
  • Security, development and privacy in mind.
• Kali Linux
  • Security auditing and penetration testing.
16. The Debian Free Software Guidelines
1 Free Redistribution: may be freely modified and redistributed
2 Source Code: source code must be provided and must be compilable
3 Derived Works: modification and derived works are allowed
4 Integrity of The Author's Source Code: integrity of the original author's source code
5 No Discrimination Against Persons or Groups
6 No Discrimination Against Fields of Endeavor: no discrimination against use in any field
7 Distribution of License
8 License Must Not Be Specific to Debian
9 License Must Not Restrict Other Software
10 Example Licenses
17. “Commons Clause” License Condition v1.0
The Software is provided to you by the Licensor under the
License, as defined below, subject to the following condition.
Without limiting other conditions in the License, the grant of
rights under the License will not include, and the License does
not grant to you, right to Sell the Software.
For purposes of the foregoing, “Sell” means practicing any or
all of the rights granted to you under the License to provide to
third parties, for a fee or other consideration (including without
limitation fees for hosting or consulting/ support services related
to the Software), a product or service whose value derives,
entirely or substantially, from the functionality of the Software.
Any license notice or attribution required by the License must also
include this Commons Clause License Condition notice.
src: https://commonsclause.com/
26. Why Debian?
• Good system security
  • Everything is open
  • Usually, fixed packages are uploaded within a few days
• Stability
  • unstable → testing → stable
• Scalability
  • Server, Desktop, Laptop, Embedded devices
• Long term support
  • 5 more years by Debian-LTS project (i386, amd64, armel and armhf)
• Multiple architectures
  • alpha, amd64, armel, armhf, aarch64, hppa, i386, ia64, mips, mipsel, powerpc, s390, and spar
• Incredible amounts of software
  • Debian comes with over 59000 different pieces of software with free