David A. Wheeler's Blog

Wed, 21 Aug 2013

Open security

Modern society depends on computer systems. Yet computer security problems let attackers subvert the very systems that society depends on. This is a serious problem.

I think one approach that could help is “open security” - applying open source software (OSS) approaches to help solve computer security problems. To see why, let’s look at some background.

Back in the 1970s people collaboratively developed software that today we would call open source software or free-libre software. At the time many assumed these approaches could not scale up to big systems… but they were wrong. Software systems that would cost over a billion U.S. dollars to redevelop have been developed as open source software, and Wikipedia has used similar approaches to collaboratively develop the world’s largest encyclopedia.

So… if we can collaboratively develop multi-billion-dollar software systems and large encyclopedias, can we use the same kinds of collaborative approaches to improve computer security? I believe we can… but if we are going to do this, we need to define a term for it (so that we can agree on what we are doing!).

I propose that open security is the application of open source software (OSS) approaches to help solve cyber security problems. OSS approaches collaboratively develop and maintain intellectual works (including software and documentation) by enabling users to use them for any purpose, as well as study, create, change, and redistribute them (in whole or in part). Cyber security problems are a lack of security (confidentiality, integrity, and/or availability), or potential lack of security (a vulnerability), in computer systems and/or the networks they are a part of. In short, open security improves security through collaboration.

You can see more details in my paper What is open security? [PDF] [DOC]. I intentionally built on previous work such as the Free Software Definition by the Free Software Foundation (FSF), the Open Source Definition (Annotated) by the Open Source Initiative (OSI), the Creative Commons license work, and the Definition of Free Cultural Works by Freedom Defined (the last one is, for example, the basis of the Wikimedia/Wikipedia licensing policy).

The Open security site has been recently set up so that you and others can join and get involved. So please - get involved! We are only just starting, and the direction we go depends on the feedback we get.
