Capes are out, white hats are in

It’s Black Friday and Cyber Monday season, and while you’re enjoying better security with SSLs.com’s buy 2 get 1 free promo, we thought we’d take the opportunity to spotlight some often unsung cybersecurity heroes and collaborators: ethical hackers and open-source developers.

As a quick primer, open-source projects are software that is free for anyone to use and that anyone can inspect and modify, often publicly and collaboratively. Meanwhile, ethical or “white-hat” hackers legally breach computer systems to test for vulnerabilities and improve cybersecurity. This can be for private companies as well as open-source projects.

So, how do these two groups collaborate and make the Internet a better place? For one, open-source tools and software are an intrinsic part of much digital security infrastructure, while white hats play a crucial role in testing, patching, and strengthening these systems. 

Let’s explore how their collaboration makes the digital landscape safer for everyone, highlighting real-life examples of open-source security projects that benefit from ethical hackers.

The role of open source in online security

Open source plays a huge role in online security. Software and tools that have become a critical part of cybersecurity include:

  • Linux
  • OpenSSL
  • Nmap
  • Metasploit

While open-source software benefits the whole Internet ecosystem, its transparency can at first make it seem less secure than proprietary software. The fact that anyone can contribute is a boon, but also a downside when malicious actors get involved. However, your friendly-neighborhood white hat will likely also come along and fix the issue, probably collaboratively, especially if it’s a big enough project.

Ethical hacking for open-source projects:

While proprietary software might initially seem more secure, this isn’t necessarily true. The lack of transparency makes it impossible to know if vulnerabilities are actually being addressed, while security teams may be limited and slow to react. 

Open-source transparency allows security flaws to be identified and corrected by a community of experts every time. Many white hats contribute by actively seeking vulnerabilities in open-source code and reporting them for fixes.

The security-focused Open Worldwide Application Security Project (OWASP) was created to bring open-source developers and ethical hackers together. Relying on both developer contributions and white-hat audits, the project’s mission is to power secure software through education, tools, and collaboration in a global open community. 

A high-profile example of ethical hackers and open-source developers coming together to resolve a security issue was the OpenSSL Heartbleed vulnerability. First discovered in 2014, this vulnerability was due to a coding mistake in an OpenSSL extension that let malicious actors listen in on online communications, steal data from services and users, and impersonate services and users.

Heartbleed was discovered separately by security engineers at Codenomicon and Neel Mehta of Google Security, the latter of whom first informed OpenSSL about the issue. The issue was patched in version 1.0.1g of OpenSSL, released on April 7th, 2014.

Crowdsourcing security through open source and bug bounties:

Many open-source projects also run bug bounty programs, incentivizing ethical hackers to improve security. Bug bounty programs from various organizations, websites, and software developers offer significant rewards for identifying bugs, particularly if they’re related to security exploits or vulnerabilities. This helps prevent security breaches and other issues that could negatively impact the general public.

Hackers can connect with some companies directly, such as Google and Mozilla, which offer such bounties, while other platforms connect developers and hackers. These include:

The collaborators we can count on

Life can seem pretty dark in a lot of ways right now, so it’s essential to focus on the positives. Humans are by nature collaborative and cooperative creatures; even in times of strife, we can do a lot of good together. The teamwork between open-source software developers and white hats is emblematic of this. Because of them, the internet is sure to improve and evolve for many years to come.
