The open source community has produced relatively few tools for analyzing malware, and in particular for unpacking it. For the most part, the tooling required for that kind of research is available only under a commercial license from vendors that sell security software and hardware.
Looking to increase the number of open source developers actively doing security research, Bromium at DerbyCon 2015 late last week unveiled Packer Attack, an open source tool that lets security researchers see what is happening inside packed malware, that is, malware whose code has been encrypted or encoded and is only decoded in memory once the sample runs.
Vadim Kotov, senior security researcher at Bromium, says the company started work on Packer Attack in earnest shortly after the Heartbleed bug compromised open source security on a broad scale. After that, it was apparent that not only were there too few developers researching open source security, but also that researchers lacked ready access to the tools needed to study advanced forms of malware.
While it remains to be seen how many developers will actually take up open source security research, it is apparent that security vendors regard the tools they use to research malware as commercially valuable. At the other end of the spectrum, however, Kotov says it's easy to see how the academic community might contribute more aggressively to open source security research if free tools were available.
Regardless of how it is accomplished, there is clearly a need for more work in this area of open source security research, especially when more malware than ever is being delivered as encrypted or packed payloads. Arguably, it is counterproductive to ask researchers to pay for tools when they have no commercial interest in profiting from their findings, and such research benefits the IT community as a whole.
How the rest of the IT security vendor community responds to having open source security research tools more broadly available remains to be seen. But at this juncture it would appear that Bromium is stepping up to force the issue.