2024-10-10, 14:00–14:20 (Europe/Luxembourg), Room C1.03.05
Fourteen years ago, we established CIRCL, a national-level CERT under the NIS Directive, with a commitment to an open-source strategy from the outset. Over the past 14 years, we have grown from managing small projects to maintaining 17 different open-source initiatives in the cybersecurity field, including the MISP Project, AIL Project, and many others. Throughout this journey, we've gained invaluable insights—both positive and negative. Our experiences span community management, engaging open-source contributors, navigating supply chain distribution, marketing open-source solutions, software licensing, engineering robust software, and ensuring long-term project maintenance. This presentation will share the lessons we've learned and how they have shaped our approach to cybersecurity and open source.
This talk will explore how we have successfully created and maintained a significant number of open-source projects widely used in cybersecurity. The topics covered will include:
- Lessons learned from 14 years of developing and sustaining open-source projects, whether by strategy or evolution within a CERT.
- Effective management of open-source communities, contributors, and users to maintain a kind-of healthy balance.
- Navigating the complexities of supply chains and dependencies in the open-source security ecosystem.
- Strategies for managing software vulnerabilities in self-managed projects.
- Securing funding and support to sustain and grow our open-source initiatives.
Jean-Louis Huynen is a security researcher at CIRCL. He works on threat detection/intel and the development of tools to support incident response. Previously he collaborated with LIST (Luxembourg Institute of Science and Technology, LU) on the development of a Mixed Reality platform for the training of Security Critical Agents (mainly on firearms events and CBRN incidents). His previous research work (and his PhD) at SnT (Interdisciplinary Centre for Security, Reliability and Trust, LU) focused on the usability of security systems and root cause analysis techniques for investigating security incidents.
As the Head of the Computer Incident Response Center Luxembourg (CIRCL), Alexandre Dulaunoy has contributed to and co-led many open source projects widely used in the CSIRT and cybersecurity community. He is passionate about breaking and creating systems to transform ruins into a living infrastructure.