The Slings and Arrows of Open Source Security

Creating and distributing useful software requires significant intellectual, emotional, temporal, and financial resources. Security software tends to require some level of operational security around vulnerability disclosures, and often carries some unique ethical and legal implications. On top of all this, “open source” often means there is no paycheck at the end of the week for programming effort. Why go to all the trouble? Why do some open source security projects succeed while many others fail? What does success even mean for open source? This talk by Thomas d’Otreppe (Aircrack-NG project lead) and Tod Beardsley (Metasploit engineering manager) will explore the unique challenges (and rewards!) faced by open source security projects. They will discuss strategies to keep projects and contributors on track, provide resources that make the life of an open source developer more productive and rewarding, and offer their unique insight into open source security development. Participants in this talk will come away with the tools and knowledge needed to launch a new open source security project or more effectively contribute to an existing one.