The Open Source Security Summit is a free and virtual industry event that explores the intersection of open source and security. It brings together a community of like-minded enthusiasts sharing their ideals and tactics to make online experiences safer for everyone.
Here are 5 notable takeaways from the December 2020 event.
1. Open source unleashes collaboration and transparency
Mårten Mickos, CEO of HackerOne, says that making source code open brings a potential for collaboration and innovation that is otherwise impossible. Open source allows you to develop more secure software. And now we’re finding that security is also better when it is open and collaborative.
“There was a principle to keep cybersecurity closed… so as not to be blamed for any wrongdoings. But when we bring openness to security, like we’ve been bringing openness to software development, we reduce cyber risk.” - Mårten Mickos
Mårten went on to suggest that teams and organizations need to train everyone.
“Train every single employee, whether they are dealing with software development and deployment or not, everybody must have a sense for [cybersecurity] because we have cyber threats coming to us through all digital channels that exist.”
2. Software security is better when we work together
Because our world essentially runs on software, we need to make sure software is strong and secure from the moment it is designed. A key part of the open source community is being able to work toward a common goal even when people disagree. The same thinking needs to be applied to security today.
“There is a way to do security and it is together. We need to plan together. Design together. Look for problems together. Fix things together. Share best practices with each other. That’s how we build a digital society that can truly work together, and where people can trust the product.” - Mårten Mickos
3. Secure sharing is an essential part of the workplace
Mark Miller of NASA highlighted the importance of secure sharing in the workplace. He said the need to share passwords and other sensitive information within his organization brought him to password management. The right tool lets a team or operation share information securely and more efficiently.
Some examples of sensitive information that is commonly shared in the workplace include:
- API keys
- SSH keys
- Key pairs
A credential management tool gives you a holistic process for managing this data and sharing it securely with team members.
4. Business and personal credentials need to be managed
IT administrators may think of credential management in a business context, but Mark Miller also highlighted the benefits of educating employees about personal credentials. Employees will want and need to store personal information while at work, so a password management tool that provides an Organizational Vault in addition to a personal Vault for every employee offers many benefits.
Organizational items are saved on behalf of the business and can be shared through Collections. If or when an employee moves on to another opportunity, their access to the Organization is removed.
“It gives you an excellent way to transfer information to another person that is efficient and fast.” - Mark Miller
5. Expect more awareness and education in 2021
In a fireside chat, Michael Crandell, CEO of Bitwarden, and Freshman discussed what’s coming in 2021. We can expect to see more awareness and education about security and credential management for the general public, in addition to users in the workplace. For organizations, a starting point is giving employees the right tools that overlap between personal life and work life. Beyond that, it means educating users about the process and reasoning behind using the tool.