Malware on your website can cause problems for visitors. It might also get search engines and other services not to include your site and hence decrease number of visitors.

Dasient have released an open source version of its Web server infection remediation technology. It’s an offspring of Dasient’s Web Anti-Malware (WAM) remediation package called Mod Anti-Malware Lite. It’s installs as an Apache server module. Mod Anti-Malware Lite tries to identify malware before they can affect the protected URL. It could be of interest for web hosting providers, individual web sites and developers.

Read more:

Dasient blog: Dasient launches Web Anti-Malware Lite

Neil Daswani’s Blog: Introducing Dasient Web Anti-Malware (WAM)
(Neil Daswani is one of the founders.)

As a complement to security framework I started a The Encyclopedia of Cyber Security. The goals of the Encyclopedia is to show different attacks most people miss and train lateral thinking so the user want miss other security problems just because they haven’t heard about them.

A good example of this is the first article about The Timing Attack. If you can take the eyes of cryptosystems and look at any- and everything you will notice that time often leaks sensitive information.

The page Secure OS can now be found in the Security Framework. First three solutions added was PERSEUS, SELinux nGarde Secure Linux

General should every resource in the framework be given a link to some sort of status page that without problem gives the current status. That could also be a group, e-mail or anything else their trusted information or a project member can be reach.

NIST have released a security framework for federal use:

Recommended Security Controls for Federal Information Systems (NIST Special Publication 800-53 Revision 3)

OpenCyberSecurity.org hopes to be a very practical framework connecting a security need or an arbitrary group of security needs with one or several practical solutions for small everyday entities.

NIST Special Publication 800-53 Revision 3 would instead be suitable for very large organizations. It rather defines how to work while defining security need, cost, finding solutions, implement, perform quality assurance, follow up and everything else from A to Z.

Actually in OpenCyberSecurity.org NIST Special Publication 800-53 Revision 3 would be a solution for very large organizations searching for a general information security management system. But for now I add it in Methology and guidelines.

I added (”burned”) the blog feed at FeedBurner and it can be found at:

feeds.feedburner.com/securityframework

Also I removed the default search function and added Google Custom Search.

The blog is however new and it will probably take some time before Google have OpenCyberSecurity.org in the search index. Before that Google Custom Search want work. Since I have verified the domain using Google Webmaster tools and have provided a sitemap I hope it want take long before Google Custom Search starts working.

Planned solution areas not yet implemented as pages:

Client security
Email security
Social network and social media
Mobile Devices
Search engine security
Cognitive security
Affective information leakage

But several more areas will be added.

A page with content license for Opencybersecurity.org can now be found at the page:

Content license

License is set to Creative Commons 3.0 BY.

Three new resources was added to the page Methology and guidelines together with a summary, URL for download, information about license and additional resources. Please comment on resources!

Example of resources in this section:

www.isecom.org/osstmm/
csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
code.google.com/p/browsersec/

Pages with about information for both Opencybersecurity.org and me (Hans Husman) have been added:

About Hans Husman

About Opencybersecurity.org

More about the goals with Opencybersecurity.org can be read in:

Structuring security – Solutions and Need

This blog lacks any and all commercial goals and I might even make it open source if it turn out to be something to build on.

Opencybersecurity.org will in the first step collect resources in the following two groups:

1.  Information about different libraries, toolkits, products, services, infrastructure, standards, frameworks and other kind of pieces used to solve the security puzzels.

Ex: OpenSSL, Google Safe Browsing API, OpenLDAP, OSSTMM – Open Source Security Testing Methodology Manual .

2. Identifiy and describe typical need areas for such entities that often have problem handling security (often due to limited resources).
Ex: Non-profit organizations, small companies, private citizens.

In the third state or possibly parallel with 1. and 2. create:

3. Create a lookup table making it possible for different need areas to find solutions on a higher level. Here different level of focus should be possible for example see packages solving problems but also drill down and choose between different solutions for an individual problem.

It should be possible to view the lookup table as map, stimulation and/or similar making to easier to understand.

At every level in the lookup table references to relevant research, guides, security reports and similar should be added.

Hence Opencybersecurity.org will not create any security solution at all. No code, no products, no guidelines. It will only structure solutions already existing.