I am back from my annual pilgrimage to Vegas for Security Week. Between Black Hat, DefCon and BSides Las Vegas, a critical mass of the infosec universe is on hand, and it is always a great learning experience in addition to a great time. I wanted to highlight a few things I learned in Vegas that you probably haven't read about yet.
The first is the next release of the Cuckoo Sandbox malware analysis tool. I first wrote about Cuckoo a few months back when it was selected as one of the inaugural Magnificent 7 winners by Rapid 7. I then did a follow-up Open Network Podcast with the founder of Cuckoo, Claudio Guarnieri, which you can listen to here.
Guarnieri was out in Vegas for the conferences so I had a chance to finally meet him in person. It was interesting speaking to the founder and lead developer of a successful open source project. Claudio lives in Amsterdam and is a security researcher by trade (in fact, he recently took a position with Rapid 7). He started Cuckoo Sandbox to help himself with his research and to help others like him. He had very modest goals for the project. In fact, when he won the Magnificent 7 award he didn't even go out and spend all the money. But winning the award, as well as the number of people and companies that have come to use the product, has shown him that he needed to redo some things.
This new version of Cuckoo (version .4) has a lot of the basic plumbing redone. Claudio realized that if it were to continue growing and meeting people's needs, Cuckoo would need to be much more scalable and reliable, with the ability to add more features in the future. So he, with the help of one or two others, has spent the last six months rewriting much of Cuckoo to achieve these goals. Now Claudio says that future versions of Cuckoo will be much easier to develop and will have much greater stability and more features.
I was surprised when Guarnieri told me that many companies are now starting to embed Cuckoo Sandbox in their malware analysis tools. I asked him how this made him feel. They were packaging and selling the code that he worked so hard on and he was not making any money on it. This is something that I have always known to upset open source developers in the past. But not Claudio; he was honored that they would include his code in their products. As long as they abide by the rules of the license, he is fine with it and wishes them continued success and profit using the fruits of his labor.
I guess that is the right attitude to have if you are going to develop open source software. But I still find it somewhat surprising. In any event, Claudio is most proud of all the malware that has been discovered using Cuckoo Sandbox. It really has become a very useful tool not only for him, but for security researchers the world over.
I spoke with Marcus Garvey of Rapid 7 who has a lot of ties to the U.S. government infosec community, and he was surprised at how many government types were using the products. Claudio says that while most of those contributing code come from Europe, most of the users are actually from the U.S. The fact that people the world over were using Cuckoo, though, was still humbling and amazing to him.
So Cuckoo seems to be well on its way to becoming a staple in the security research community. Another solid open source project developed for the right reasons and a useful tool for many.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.