5 open source security tools too good to ignore

Open source is a wonderful thing. A significant chunk of today’s enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that’s changing. 

If you haven’t been looking to open source to help address your security needs, it’s a shame—you’re missing out on a growing number of freely available tools for protecting your networks, hosts, and data. The best part is, many of these tools come from active projects backed by well-known sources you can trust, such as leading security companies and major cloud operators. And many have been tested in the biggest and most challenging environments you can imagine. 

Open source has always been a rich source of tools for security professionals—Metasploit, the open source penetration testing framework, is perhaps the best-known—but information security is not restricted to the realm of researchers, investigators, and analysts, and neither are the five open source security tools we survey below. IT administrators and software developers have a key role to play, and with these five tools, they can make a difference. 

Commit Watcher: Check code repos for secrets

Secrets don’t belong in open source repositories, but that doesn’t stop absentminded developers from storing them there. We’ve all read the reports of people accidentally exposing private Amazon Web Services keys, hard-coded passwords, or API tokens by uploading them to GitHub or other code repositories.