Open Source Answer to Critical Infrastructure Security Challenges
Vadim Shchepinov, Chief Executive Officer
RED SOFT CORPORATION
Content
1. What is Open Source
- New way for Software to be developed and utilized
- Open Source Paradigm Timeline
2. Security Requirements and Challenges
3. Open Source answer to the security challenges
4. Database Management System is the key element of Information System Security
- Open Source RDBMS – positioning within global IT
5. Red Soft
- Strategy & Products & Services
- Offer to European partners and clients
1.1 What is Open Source – Free software
Open source is a model to develop, distribute and use software
Closed source – proprietary model:
• Consumer pays $ and gets software binaries for use; not source code.
• Traditional Licence allows to: consume, participate, contribute (report, suggest)
Open Source:
• Consumer gets software and source code without paying $
• Open source Licence allows to: consume, participate, contribute (modify, distribute)
[Diagram: flows between SV and consumers C1, C2 under each model. Labels: $, License, Software (binary in the closed model; binary & source in the open model), use, read source, modify, redistribute, patches, support. Feedback in the closed model: bug reports, support requests, features requests. Feedback in the open model: bug reports & fixes code, support requests and resolution, feature implementation code.]
Source: Accenture Open Source Business Models 2007
1.2 What is Open Source – Paradigm Timeline
Sources: Optaros Open Source Catalogue 2007 & Red Soft
[Timeline figure, axis 1980 / 1990 / 2000 / 2010, with "Today" marked.
Phase labels: Pioneer Age; «Free» and Community Age; Adoption by (Enterprise) Developers; Open Source Based Business Models; Commercial Open Source; Adoption by the Enterprise; Open Source enabled Business.
Events shown: GNU Project; GNU General Public License; Free Software Foundation; GNU/Linux V1.0; Linux V2.0; Open Source term defined; Apache Web Server V1.0; Apache Web Server V2.2, >50% of Internet; IBM commits to Linux; IBM Linux business > $2 bln; Red Hat founded; Red Hat goes public; Red Hat acquires JBoss; Red Hat $1 bln in revenue?; SUN opens Open Office; Borland opens Interbase; Firebird Project.]
The open source model has matured into a viable and accepted way to produce and use software efficiently, quickly and cheaply without being locked in to a specific vendor.
2. Security requirements and challenges
Information Systems (IS) are defined as key components of Critical Infrastructure by the European Programme for Critical Infrastructure Protection (EPCIP).
The security of information systems is very important: they are placed in the 3rd position in the priority list of EPCIP, after the energy and nuclear industries.
Information systems security challenges are:
• IS may contain undeclared software functionality that might breach user security
• IS require security mechanisms and tools to be built in
• IS require a lot of effort and complex procedures to manage updates for security-certified software
• IS require visibility and transparency for developers and IT teams to allow efficient development and support with a high degree of security requirements fulfillment
3. Open Source answer to Security challenges
Closed source – proprietary model:
• Very difficult to trace undeclared software functionality that might breach user security
• Difficult to build in the required security mechanisms and tools
• Management of updates for security proprietary software is very complex and effort intensive
• Low level of visibility, transparency and access to necessary info & support required by developers and IT teams
Open Source:
• Almost impossible to introduce undeclared software functionality
• Direct access to code and more effective influence on the development road map to take into account forthcoming new security requirements
• Smooth and straightforward algorithm for security recertification of updated software
• Transparent and open solution
By the very nature of being open, the Open Source model and its products make it possible to build and use more secure Information Systems.
4. Database Management System is the key element of Information System security
• Database contains all the information in the information system: one source and storage place for all info
• Undeclared software functionality «kills» effectiveness of all the security mechanisms built into the other layers of information systems
• Database holds data and links between the data entities which allows structured security protection on different levels
4.1 Positioning of Open Source RDBMS within global IT
• Approx. 44% of developers are using Open Source RDBMS for development purposes
• Popularity and number of users grow some 25%/year. As of now it is close to the level of commercial, enterprise RDBMS
• The level of discovered, security-related errors in Closed Code is at least twice as high. Data about undiscovered errors in Closed Code are not available.
• Source: Evans, IDC
5. Red Soft – Strategy and Products
• Red Soft Corporation is the preferred vendor of secure database technology based on the Open Source model
• Red Data Base from Red Soft is a secure Relational Database Management System (RDBMS) based on Firebird 2.0, one of the best established, well-known and globally widespread open source DBMS kernels in the world
Red Soft strategy is to be the Red Hat of the global open source DBMS market
• Red Database is in the process of certification of security functionality for compliance with ISO/IEC 17799:2005
5. Red Soft – Offer to European Partners and Clients
• All the Open Source product range starting with Red Data Base delivered and supported by European partners
• Off-shore programming work based on the Red Soft tech stack at production facilities in Russia
• Support and SW development services provided to the clients directly and/or via partners
Red Soft is offering its software products, services and software assembly/production facilities to companies and partners in Europe
6. Questions and Contacts
RED SOFT CORPORATION
www.red-soft.biz
Vadim Shchepinov, Chief Executive Officer
Office Phone: +7 495 721 35 37