Cybersecurity is headed to open source with a new initiative backed by IBM and McAfee, among other companies.
The Open Cybersecurity Alliance (OCA) was formed to pull the fragmented elements of the cybersecurity landscape under one roof by using open source code and practices. The new open source group is under the umbrella of the Organization for the Advancement of Structured Information Standards (OASIS).
IBM Security and McAfee kicked in the initial open source content and code into the OCA. Additional members include Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin. In today's press release, the OCA also threw out the welcome mat for additional organizations and individuals.
The goal of the OCA is to develop and promote sets of open source common content, code, tooling, patterns, and practices for interoperability and sharing data among cybersecurity tools for enterprise users.
Currently, organizations use 25 to 49 different security tools from up to 10 vendors on average, each of which generates siloed data, according to industry analyst firm Enterprise Strategy Group. In addition, connecting today's tools and data requires complex integrations that take away time that could otherwise be spent hunting and responding to security threats.
Using the collective knowledge and technologies of its members, the OCA's mandate includes improving security visibility and ability in order to discover new insights and findings that otherwise might have been missed.
It will also work on extracting more value from existing products while reducing vendor lock-in, and connecting data and sharing insights across products.
“When security teams are constantly spending their time manually integrating tools and maintaining those integrations, it’s not helping anyone other than the attackers,” said Jason Keirstead, chief architect, IBM Security Threat Management, in a statement. “The mission of the OCA is to create a unified security ecosystem, where businesses no longer have to build one-off manual integrations between every product, but instead can build one integration to work across all, based on a commonly accepted set of standards and code.”
In May, OASIS, announced it had launched Open Projects. Open Projects, which was first formed at the start of this year, gives its member projects the freedom to develop what they chose, whether that's APIs, code, specifications, reference implementations or guidelines. Open Projects helps with the open source licensing process and provide a path to recognition in global policy and procurement.