Developed by open source security specialists, Be-Secure is an ecosystem project for the open source security community. Among the tools included in the suite are open source security tools, sandbox environments for security assessments, as well as custom utilities written for the open source security community. Security assessment capabilities are provided by the platform through the aggregation of various open source security assessment services and utilities.
Be-Secure is an open-source project that is led by the Be-Secure Community. This community is transforming next generation Application security threat models and security assessment playbooks into global commons. Anyone can access these threat models and security assessment playbooks and participate in their development, transforming them from an enterprise asset to a global commons.
Unlike other offensive security environments which bundle in hundreds of tools all into a single environment for red teaming or blue teaming, the focus of creating the BeS environment is to make each security testing environment recyclable with minimal memory footprint and simple to execute with minimal script or parameter modification.
BeS environments will include cherry-picked open source tools that have been tried and tested, as well as playbooks for performing security assessments.
Open source is the way forward to develop new capabilities through collaboration with open source community projects. Organizations have realized the benefits from open source software. This realization has led them to increase their adoption of open source projects to build business capabilities. This approach necessitates the focus on security for open source projects. Be-Secure projects focus on addressing common security requirements of open source projects.
Organisations, open source developers, security researchers, auditors, and regulators can all benefit from Be-Secure.
The Be-Secure Community encourages security specialists to participate in scripting of various threat models and creating security assessment playbooks while experimenting with custom tools and security testing environments.
TAVOSS is Trusted And Verified Open Source software that has undergone a security assessment by the Be-Secure Community.
Open source is vast and we have frequent new releases ,bug fixes and patches published every day . It is impossible for any organization to keep track of all the changes that happen across the open source landscape . Hence we have identified five Be-Secure Open source tech stacks or blue prints which we call as Be-Secure environments to help the Be-Secure community navigate through security assessment of these open source projects.
The open source projects are categorized based on purpose,interoperability and technology ,They include other open source dependencies that are most frequently required to develop enterprise grade open source solutions.
Each Be-Secure technology stack will be associated with atleast two types of BeSman environments namely the Development or Provisioning environment [Dev] as well as the security testing or security sandbox environment [Sec].
- DevOps [DO] : Be-Secure tech stacks to secure open source devops tools eg. Ansible, Puppet etc.
- Language and framework [L&F]: Be-Secure tech stacks to secure language and framework built on generic languages e.g. Ruby & Rails, PHP & Symphony, Python & Django, Javascript & Angular/Node etc.
- Application [A] : Be-Secure tech stacks for fully function open source applications like Drupal, magneto, odoo etc.
- Distributed & Decentralized Application [DA]: Be-Secure tech stacks for distributed and decentralized Distributed application, few e.g. are Blockchain frameworks like Hyperledger Indy, Hyperledger Fabric , Quorum etc.
- Open-source Security Tool [S]: Be-Secure tech stacks for open source security tools eg. ZAP, BeEF etc.
Developers can easily learn secure development practices and are proactively guided by BeSman environments to apply those practices and automatically informed when action is needed to prevent, remediate, or mitigate security issues.
Developers, auditors, and regulators can create new BeSman Environments and easily distribute security policies that are enforced through tooling and automation, providing continuous assurance of the results.
Security assessment environments aid Developers and researchers to identify security issues ,like unintentional vulnerabilities and have this information swiftly flow - backward through the supply chain to someone who can rapidly address the issue.
Be-Secure Community members can provide information and notifications about product defects, mitigations, quality, and supportability and have this information rapidly flow forward across the ecosystem system to all users, and users can rapidly update their software or implement mitigations as appropriate.
Click here to view the list of projects we track.
BeSman Be-Secure Manager or BeSman for short is a command-line utility to provision customized environments for each TAVOSS tech stack known as Be-Secure environments.
oah-bes-vm for easy local deployment of Be-Secure environments.
BeSLighthouse BeSLighthouse is a community dashboard for TAVOSS Components that are security assessed by the Be-Secure community.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent