SecurityWeek has an article today about a new open source security web app released by Netflix.
Netflix this week released Stethoscope, an open source web application that gives users specific recommendations for securing their computers, smartphones and tablets.
Stethoscope was developed by Netflix as part of its "user focused security" approach, which is based on the theory that it is better to provide employees actionable information and low-friction tools, rather than relying on heavy-handed policy enforcement.
Netflix believes employees are more productive when they don't have to deal with too many rules and processes. That is why Stethoscope scans their devices and provides recommendations on security measures that should be taken, but allows them to perform the tasks on their own time.
Stethoscope analyzes a device's disk encryption, firewall, automatic updates, operating system and software updates, screen lock, jailbreaking or rooting, and installed security software. Each of these factors is attributed a rating based on its importance.
[...] The Stethoscope source code, along with instructions for installation and configuration, are available on GitHub. Netflix has invited users to contribute to the tool, particularly with new plugins.
Stethoscope is not the only open source security tool released by Netflix. The company has made available the source code for several of the applications it uses, including the XSS discovery framework Sleepy Puppy, and the threat monitoring tools Scumblr and Sketchy.
(Score: 1) by Ingar on Friday February 24 2017, @05:33PM
Except off course, if you're a customer.
(Score: 1, Interesting) by Anonymous Coward on Friday February 24 2017, @05:54PM
To be fair they license a ton of content from people who are just sooo scared of "pirates" so either they implement some acceptable (to their content owners) form of DRM or they get very little content. Having them support open source anything is good, it indicates a changing corporate culture that isn't so paranoid.
(Score: 2) by lentilla on Friday February 24 2017, @06:45PM
The phrase "open source" was mentioned four times in the submission - but what exactly does this mean? Not that I wish to nitpick, but given that this site is frequented primarily by people that actually understand technology (rather than by those who like to think they understand), perhaps we could afford to be a little more precise when talking about licensing?
This tool is released under the Apache Licence Version 2.0. (See the LICENSE [github.com] file.)
Every time I hear the phrase "open source" I imagine a Chief Technology Officer-type sipping artisanal coffee, reading an industry rag. Five minutes later they are barking orders at their team to implement the latest fad as they pull on their coat and head out of the office to play golf with those friendly chaps from Oracle. Maybe I'm just a little jaded.
(Score: 0) by Anonymous Coward on Friday February 24 2017, @07:01PM
Why is it that the CE levels are so often a bit clueless??
(Score: 0) by Anonymous Coward on Friday February 24 2017, @07:29PM
Mmmmm! Artisanal coffee! Would go well with my hand-crafted artisanal sandwich, made with artisanal bread, artisanal bologna, and made by artisanally organic elfs.
(Score: 2) by JoeMerchant on Saturday February 25 2017, @05:42AM
Somebody has to play golf with the friendly chaps from Oracle, it's how the corporate world is woven together at the top levels.
Can you imagine the chaos if we didn't have patents, lawsuits, and the courts to keep business models intact? Everyone would starve within a month without the protection of the status quo. /s
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Friday February 24 2017, @09:27PM
"Please complete the security check to access www.securityweek.com"
I came to find out about the security check, you insensitive clods!
(Score: 0) by Anonymous Coward on Saturday February 25 2017, @07:09AM
l
o
l