Communications of the ACM
Project Sonar Crowdsources a Better Bug Killer
Project Sonar is a crowdsourced effort to improve security through the active analysis of public networks.
Credit: Reviewness.com
Rapid7 chief research officer HD Moore is developing ways of identifying vulnerable Internet-facing systems and devices through exhaustive scans of the Internet. At the recent DerbyCon 3.0 conference, he sought to crowdsource this effort by launching Project Sonar.
"Project Sonar is a community effort to improve security through the active analysis of public networks," Moore says. He reports that this will involve "running scans on Internet-facing systems, organizing the results, and sharing the data with the information security community."
Rapid7 recently released approximately 3 TB of data gathered from numerous scans, but Project Sonar invites researchers to not only comb through this data, but perform their own scans. Until very recently, exhaustive port scanning could take years and required the use of numerous devices, but new platforms including the open source ZMap network scanner and Errata Security's Masscan tool can carry out such scans in minutes. However, Moore notes that although obtaining such data is easier now, analyzing it requires a great deal of manpower--hence Project Sonar's call to crowdsource the effort.
From InformationWeek
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found