ISP Blog

Supporting Open Source

At MindPoint Group we recognize the value that open source software provides and we work to support it in several ways.

First, we support open source software by making our own contributions to the community. Much of the software we write is open, available for use, and published in our GitHub organization. Some of the software we publish, like the Ansible system hardening roles, are directly applicable and usable to many within the cybersecurity community and beyond. Other published software, such as Raziel, is domain specific and not as widely usable but we open it to provide greater transparency into the code we use to build our services.

Second, we support the open source software packages we use in our products and services directly through monetary support and development support. One way we provide monetary support is by subscribing to Tidelift which directly funds the maintainers of packages we use in our projects. We provide development support by encouraging and paying our developers to make code contributions back to the open source projects we use. The following is a list of some of the projects we published or supported this year.

 Ansible Lockdown

We worked with the community and helped publish several new OS hardening roles and furthered development of existing roles.

• Windows 2008R2 and 2012 STIGs published
  • Windows 2008R2 Member Server STIG/a>
  • Windows 2012 Domain Controller STIG
  • Windows 2012 Member Server STIG

Ansible Lockdown was formalized as an official Ansible Community Working Group – https://github.com/ansible/community/tree/master/group-lockdown and we worked to launch several new community collaboration efforts.

• Biweekly working group meetings held on IRC
• Established relationship with Ansible Hardening project (Rackspace) and currently working on merger of efforts
• #ansible-lockdown IRC channel established for community collaboration
• Formed the ansible-lockdown (https://github.com/ansible-lockdown) and ansible-lockdown-sig (https://github.com/ansible-lockdown-sig) GitHub orgs to centralize development of new community hardening roles.
• Launched https://ansiblelockdown.io/

This year was our most active year for commits and external collaborators to the three primary roles MPG supports:

• https://github.com/MindPointGroup/RHEL7-STIG
• https://github.com/MindPointGroup/RHEL6-STIG
• https://github.com/MindPointGroup/RHEL7-CIS
• You can also get more information on these at ansiblelockdown.io

CloudFrunt tool

A member of our proactive security services team identified an issue with CloudFront domain misconfigurations through some of our client work. They developed a tool to identify and secure those domains and ended finding out that the problem was much more wide spread than initially thought. We open sourced that tool after coordinating with the AWS CloudFront team so that other researchers and organizations could use it to secure themselves.

• https://github.com/MindPointGroup/cloudfrunt

@MindPointGroup/raziel

Raziel is a lightweight, async/await abstraction library for interfacing with AWS DynamoDB. The library was directly developed for use in one of our products and it is fairly domain specific. However we believe transparency and openness in software is key to building trust.

• https://github.com/MindPointGroup/raziel
• https://www.npmjs.com/package/@mindpointgroup/raziel

STIG CLI

This is a command line utility built to help technical folks more easily interact with DISA STIG content. As cybersecurity practitioners we work with DISA STIG content frequently and through our work developing Ansible roles for STIG content we have a need to parse through and extract details from STIG content more easily. There are other tools available but none of them are command line friendly.

• https://github.com/defionscode/stig-cli
• https://www.npmjs.com/package/stig

Django SAML2 Authentication

We are fans of Python and the Django framework and we use both to build some of our internal tools and other software. We also believe identity federation is important and just good security practice. This package provides an easy way to integrate SAML2 authentication with the Django framework.

• https://github.com/MindPointGroup/django-saml2-pro-auth
• https://pypi.org/project/django-saml2-pro-auth/

Tonic framework

Tonic is an extremely small and light weight JavaScript class for building components. One of the developers working on building software for us developed it and we use it internally on projects. We sponsor the continued development and support of the framework through direct monetary support.

• https://tonic.technology/
• https://github.com/hxoht/tonic

Want to learn about our open positions?  Click this link

• About
• Latest Posts

Dan Shepherd

Director, Engineering and Innovation at MindPoint Group

Dan is the Director of Engineering and Innovation where he overseas the Cloud Security and Security Engineering and Architecture service lines as well as the company's Research and Development efforts.

Latest posts by Dan Shepherd (see all)

• 2018 YEAR IN REVIEW:Open Source Collaboration - January 2, 2019
• AWS re:Invent 2015 recap - October 26, 2015
• Implementing Security Monitoring in Small and Mid-sized Organizations - July 1, 2011