Open Source Answer to Critical Infrastructure Security Challenges Vadim Shchepinov, Chief Executive Officer RED SOFT CORPORATION

Upload: alejandro-keith

Post on 27-Mar-2015


Page 1: Open Source Answer to Critical Infrastructure Security Challenges Vadim Shchepinov, Chief Executive Officer RED SOFT CORPORATION

Open Source Answer to Critical Infrastructure Security Challenges

Vadim Shchepinov, Chief Executive Officer

RED SOFT CORPORATION

Page 2

Content

1. What is Open Source

- New way for Software to be developed and utilized
- Open Source Paradigm Timeline

2. Security Requirements and Challenges

3. Open Source answer to the security challenges

4. Database Management System is the key element of Information System Security

- Open Source RDBMS – positioning within global IT

5. Red Soft

- Strategy & Products & Services
- Offer to European partners and clients

Page 3

1.1 What is Open Source – Free software

Open source is a model for developing, distributing and using software

• Consumer pays $ and gets software binaries for use, not source code.

• Traditional licence allows the consumer to: consume, participate, contribute (report, suggest)

• Consumer gets software and source code without paying $

• Open source licence allows the consumer to: consume, participate, contribute (modify, distribute)

[Figure: two side-by-side diagrams, "Closed source – proprietary model" and "Open Source". Each shows SV and consumers C1 and C2 linked by $, License, software, patches and support, with the labels use, read source, modify and redistribute. In the closed source diagram the software is binary and the feedback is bug reports, support requests and feature requests; in the open source diagram the software is binary & source and the feedback is bug reports & fixes code, support requests and resolution, and feature implementation code.]

Source: Accenture Open Source Business Models 2007

Page 4

1.2 What is Open Source – Paradigm Timeline

Sources: Optaros Open Source Catalogue 2007 & Red Soft

[Figure: timeline from 1980 to 2010, ending at "Today".

Phases: Pioneer Age; «Free» and Community Age; Adoption by (Enterprise) Developers; Open Source Based Business Models; Commercial Open Source; Adoption by the Enterprise; Open Source enabled Business.

Milestones shown: GNU Project; GNU General Public License; Free Software Foundation; GNU/Linux V1.0; Linux V2.0; "Open Source" term defined; Apache Web Server V1.0; Apache Web Server V2.2 (>50% of Internet); IBM commits to Linux; IBM Linux business > $2 bln; Red Hat founded; Red Hat goes public; Red Hat acquires JBoss; Red Hat $1 bln in revenue?; SUN opens Open Office; Borland opens Interbase; Firebird Project.]

The open source model has matured into a viable and accepted way to produce and use software efficiently, quickly and cheaply without being locked in by a specific vendor

Page 5

2. Security requirements and challenges

Information Systems (IS) are defined as key components of Critical Infrastructure by the European Programme for Critical Infrastructure Protection (EPCIP)

The security of information systems is very important: they are placed in 3rd position in the EPCIP priority list, after the energy and nuclear industries

Information systems security challenges are:

• IS may contain undeclared software functionality that might breach user security

• IS require security mechanisms and tools to be built in

• IS require a lot of effort and complex procedures to manage updates for security certified software

• IS require visibility and transparency for developers and IT teams to allow efficient development and support with a high degree of fulfilment of security requirements

Page 6

3. Open Source answer to Security challenges

Closed source – proprietary model

• Very difficult to trace undeclared software functionality that might breach user security

• Difficult to build in the required security mechanisms and tools

• Management of updates for security proprietary software is very complex and effort intensive

• Low level of visibility, transparency and access to necessary info & support required by developers and IT teams

Open Source

• Almost impossible to introduce undeclared software functionality

• Direct access to code and more effective influence on the development road map to take into account forthcoming new security requirements

• Smooth and straightforward algorithm for security recertification of updated software

• Transparent and open solution

By the very nature of being open, the Open Source model and its products make it possible to build and use more secure Information Systems

Page 7

4. Database Management System is the key element of Information System security

• The database contains all the information in the information system: one source and storage place for all info

• Undeclared software functionality «kills» effectiveness of all the security mechanisms built into the other layers of information systems

• Database holds data and links between the data entities which allows structured security protection on different levels

Page 8

4.1 Positioning of Open Source RDBMS within global IT

• Approx. 44% of developers are using Open Source RDBMS for development purposes

• Popularity and number of users grow by some 25%/year. As of now it is close to the level of commercial, enterprise RDBMS

• The level of discovered, security related errors in Closed Code is at least twice as high. Data about undiscovered errors in Closed Code are not available.

• Source: Evans, IDC

Page 9

5. Red Soft – Strategy and Products

• Red Soft Corporation is the preferred vendor of secure database technology based on the Open Source model

• Red Database from Red Soft is a secure Relational Database Management System (RDBMS) based on Firebird 2.0, one of the best established, well-known and globally widespread open source DBMS kernels in the world

Red Soft's strategy is to be the Red Hat of the global open source DBMS market

• Red Database is in the process of certification of its security functionality for compliance with ISO/IEC 17799:2005

Page 10

5. Red Soft – Offer to European Partners and Clients

• The whole Open Source product range, starting with Red Database, delivered and supported by European partners

• Off-shore programming work based on the Red Soft tech stack at production facilities in Russia

• Support and SW development services provided to the clients directly and/or via partners

Red Soft is offering its software products, services and software assembly/production facilities to companies and partners in Europe

Page 11

6. Questions and Contacts

RED SOFT CORPORATION

www.red-soft.biz

Vadim Shchepinov, Chief Executive Officer

[email protected]

Office Phone: +7 495 721 35 37