Providing Security Assurance & Hardening for Open Source Software/Hardware: The SecOPERA approach

摘要: Rapid open-source software and hardware prototyping fueled by the significant expansion of the development community, led to the deployment of highly sophisticated frameworks, solutions and products. However, as the provided open-source solutions are managed in all aspects by their designers/engineers, they lack professional evaluation of their security level. The absence of comprehensive security assessment as well as a consolidated and ubiquitous roadmap for vulnerability patching and security hardening, makes open-source solution a risk for widespread enterprise use. This paper introduces a security assurance approach which addresses open-source hardware and software shortcoming in an end-to-end manner, by providing a logical decomposition of any such module into four distinct component layers: device, network, application and cognitive. This allows highly focused security assessment …