
02 Jan 2019

2018 YEAR IN REVIEW: Open Source Collaboration


Supporting Open Source

At MindPoint Group we recognize the value that open source software provides and we work to support it in several ways.

First, we support open source software by making our own contributions to the community. Much of the software we write is open, available for use, and published in our GitHub organization. Some of the software we publish, like the Ansible system hardening roles, is directly applicable and useful to many within the cybersecurity community and beyond. Other published software, such as Raziel, is domain-specific and not as widely usable, but we open it to provide greater transparency into the code we use to build our services.

Second, we support the open source software packages we use in our products and services directly through monetary support and development support. One way we provide monetary support is by subscribing to Tidelift, which directly funds the maintainers of packages we use in our projects. We provide development support by encouraging and paying our developers to make code contributions back to the open source projects we use. The following is a list of some of the projects we published or supported this year.

Ansible Lockdown

We worked with the community and helped publish several new OS hardening roles and furthered development of existing roles.

Ansible Lockdown was formalized as an official Ansible Community Working Group – https://github.com/ansible/community/tree/master/group-lockdown and we worked to launch several new community collaboration efforts.

This year was our most active year for commits and external collaborators to the three primary roles MPG supports:

CloudFrunt tool

A member of our proactive security services team identified an issue with CloudFront domain misconfigurations through some of our client work. They developed a tool to identify and secure those domains and ended up finding out that the problem was much more widespread than initially thought. We open sourced that tool after coordinating with the AWS CloudFront team so that other researchers and organizations could use it to secure themselves.

@MindPointGroup/raziel

Raziel is a lightweight, async/await abstraction library for interfacing with AWS DynamoDB. The library was developed directly for use in one of our products and it is fairly domain-specific. However, we believe transparency and openness in software is key to building trust.

STIG CLI

This is a command-line utility built to help technical folks more easily interact with DISA STIG content. As cybersecurity practitioners we work with DISA STIG content frequently, and through our work developing Ansible roles for STIG content we have a need to parse through and extract details from STIG content more easily. There are other tools available, but none of them are command-line friendly.

Django SAML2 Authentication

We are fans of Python and the Django framework and we use both to build some of our internal tools and other software. We also believe identity federation is important and just good security practice. This package provides an easy way to integrate SAML2 authentication with the Django framework.

Tonic framework

Tonic is an extremely small and lightweight JavaScript class for building components. One of the developers working on building software for us developed it and we use it internally on projects. We sponsor the continued development and support of the framework through direct monetary support.



Dan Shepherd

Director, Engineering and Innovation at MindPoint Group
Dan is the Director of Engineering and Innovation, where he oversees the Cloud Security and Security Engineering and Architecture service lines as well as the company's Research and Development efforts.
Categories: Cloud, Cyber Security, Engineering and Architecture, Open Source, Pen Test