acm-header
Sign In

Communications of the ACM

ACM TechNews

Project Sonar Crowdsources a Better Bug Killer


View as: Print Mobile App Share:
An electronic "bug zapper."

Project Sonar is a crowdsourced effort to improve security through the active analysis of public networks.

Credit: Reviewness.com

Rapid7 chief research officer HD Moore is developing ways of identifying vulnerable Internet-facing systems and devices through exhaustive scans of the Internet. At the recent DerbyCon 3.0 conference, he sought to crowdsource this effort by launching Project Sonar.

"Project Sonar is a community effort to improve security through the active analysis of public networks," Moore says. He reports that this will involve "running scans on Internet-facing systems, organizing the results, and sharing the data with the information security community."

Rapid7 recently released approximately 3 TB of data gathered from numerous scans, but Project Sonar invites researchers to not only comb through this data, but perform their own scans. Until very recently, exhaustive port scanning could take years and required the use of numerous devices, but new platforms including the open source ZMap network scanner and Errata Security's Masscan tool can carry out such scans in minutes. However, Moore notes that although obtaining such data is easier now, analyzing it requires a great deal of manpower--hence Project Sonar's call to crowdsource the effort.

From InformationWeek
View Full Article

 

Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account