Be-Secure Open Source Security Tech Stacks:
Open source is a vast technology space, with releases, bug fixes and patches being published very frequently. It is a tedious and time-consuming effort for an organization to keep track of all the changes that happen across the open source software landscape. Hence we have categorised open source technologies into five Be-Secure Open Source security tech stacks, or blueprints, to help the Be-Secure community navigate the security assessment of open source projects that belong to one of these categories.
The open source projects are categorized based on purpose, interoperability and technology. The stacks also include other open source dependencies that are frequently required to develop enterprise-grade open source solutions.
Be-Secure Open Source Security tech stacks are:
- DevOps [DO]: Be-Secure tech stacks to secure open source DevOps tools, e.g. Ansible, Puppet etc.
- Language and framework [L&F]: Be-Secure tech stacks to secure languages and the frameworks built on generic languages, e.g. Ruby & Rails, PHP & Symphony, Python & Django, Javascript & Angular/Node etc.
- Distributed & Decentralized Application [DA]: Be-Secure tech stacks for distributed and decentralized applications, e.g. blockchain frameworks like Hyperledger Indy, Hyperledger Fabric, Quorum etc.
- Open-source Security Tool [S]: Be-Secure tech stacks for open source security tools, e.g. ZAP, BeEF etc.
Each BeSecure tech stack will be associated with two types of BeSman environments, namely the development or provisioning environment [Dev] and the security testing or security sandbox environment [Sec].
BeSecure Environment for Blue teams/Teaming
This is an environment configured for an open source project, prebundled with the required security tools and dependencies that permit the Blue team to validate the application of security patches and confirm compliance with all defined security controls.
BeSecure Environment for Red Teams/Teaming
This is an environment configured for the Red team, prebundled with the required security tools and dependencies to conduct red teaming activities on an open source project, with a focus on unearthing vulnerabilities and exploits that compromise the security posture of the project.
The security assessment report of the tracked project will be updated under the BeSLighthouse project.