Some notes on a security conference I attended to widespread openSUSE word
Hi all, this is the first message in this list so let me spend some words to introduce myself. I'm Paolo, solution security engineer in SUSE since March 2021 and in the application security market since 2001 (mostly as penetration tester and code reviewer). A couple of weeks ago I attended RomHack, a security event in Rome, with an openSUSE booth. We were also silver sponsor and I had the chance to give a talk on about open source and security, mainly focused on how do we act dealing with packages going in our distro. I would like to share some notes I wrote right after the conference end. 1. People present on the conference were surprised that an OS vendor was having a booth, but they really liked it and they felt is a good thing. 2. Most of the people who came to our booth were not aware of the existence of SUSE and openSUSE. Perhaps if we participate in more events like this can be the first step in changing that. We could also reach out to contacts with newspaper or tech journalists and youtubers which could help promote our brand. Especially in Italy, where I live. 3. The people who previously heard about us thought that we produce a "derived" distribution. I explained that we use rpm, that we started back then like Slackware fork in the very early stages but now have our own identity, brand and added value services. 4. A person asked "tell me how to convince my boss that you're a good centos replacement". I talked to him about our team efforts in security, hardening configuration of base os, AppArmor, Rancher and NeuVector acquisitions. Perhaps we should brag more about our achievements in the area. Please note that I'm not a marketing person, so my view is limited. Feel free to integrate to enrich the discussion. At the time I'm writing this, I'm thinking adding some content to my YouTube channel to promote the usage of openSUSE in security testings, so to prove how versatile it can be. HTH -- (*_ Paolo Perego @thesp0nge //\ Software security engineer suse.com V_/_ 0A1A 2003 9AE0 B09C 51A4 7ACD FC0D CEA6 0806 294B
I really like this approach! Indeed security (and privacy) can be one of the aspects we can focus when we are at installfests, confs. etc. It would be very beneficial for our community and (us as users) to see the security aspect of our distro! If you need any assistance or idead Paolo I would be very happy to assist you as I also work in cybersecurity. Best, Nikos Στις Τετ 5 Οκτ 2022 στις 11:53 π.μ., ο/η Paolo Perego <paolo.perego@suse.com> έγραψε:
Hi all, this is the first message in this list so let me spend some words to introduce myself. I'm Paolo, solution security engineer in SUSE since March 2021 and in the application security market since 2001 (mostly as penetration tester and code reviewer).
A couple of weeks ago I attended RomHack, a security event in Rome, with an openSUSE booth. We were also silver sponsor and I had the chance to give a talk on about open source and security, mainly focused on how do we act dealing with packages going in our distro.
I would like to share some notes I wrote right after the conference end.
1. People present on the conference were surprised that an OS vendor was having a booth, but they really liked it and they felt is a good thing.
2. Most of the people who came to our booth were not aware of the existence of SUSE and openSUSE. Perhaps if we participate in more events like this can be the first step in changing that. We could also reach out to contacts with newspaper or tech journalists and youtubers which could help promote our brand. Especially in Italy, where I live.
3. The people who previously heard about us thought that we produce a "derived" distribution. I explained that we use rpm, that we started back then like Slackware fork in the very early stages but now have our own identity, brand and added value services.
4. A person asked "tell me how to convince my boss that you're a good centos replacement". I talked to him about our team efforts in security, hardening configuration of base os, AppArmor, Rancher and NeuVector acquisitions. Perhaps we should brag more about our achievements in the area.
Please note that I'm not a marketing person, so my view is limited. Feel free to integrate to enrich the discussion.
At the time I'm writing this, I'm thinking adding some content to my YouTube channel to promote the usage of openSUSE in security testings, so to prove how versatile it can be.
HTH -- (*_ Paolo Perego @thesp0nge //\ Software security engineer suse.com V_/_ 0A1A 2003 9AE0 B09C 51A4 7ACD FC0D CEA6 0806 294B
-- Nikos Mantas
Hi Nikos, sorry for the late reply, On Wed, Oct 12, 2022 at 02:59:07PM +0300, Nick Mantas wrote:
I really like this approach! Indeed security (and privacy) can be one of the aspects we can focus when we are at installfests, confs. etc. It would
Yes. I agree and I'm looking at the Italian conf scene in 2023 looking for interesting events to be part of. My idea is that pushing the message on how versatile openSUSE is and how to create a suitable working enviroment for a developer or a security researcher, can help to increase distro visibility.
be very beneficial for our community and (us as users) to see the security aspect of our distro! If you need any assistance or idead Paolo I would be very happy to assist you as I also work in cybersecurity. :-) At the moment I'm working on a Leap containerized image with most used tools in a penetration test. Maybe when I'll solve how to have GUI application running in a container, I'll post the conf file on Github.
Paolo -- (*_ Paolo Perego @thesp0nge //\ Software security engineer suse.com V_/_ 0A1A 2003 9AE0 B09C 51A4 7ACD FC0D CEA6 0806 294B
Le jeudi 27 octobre 2022 à 18:38 +0200, Paolo Perego a écrit :
Hi Nikos, sorry for the late reply,
On Wed, Oct 12, 2022 at 02:59:07PM +0300, Nick Mantas wrote:
I really like this approach! Indeed security (and privacy) can be one of the aspects we can focus when we are at installfests, confs. etc. It would
Yes. I agree and I'm looking at the Italian conf scene in 2023 looking for interesting events to be part of.
My idea is that pushing the message on how versatile openSUSE is and how to create a suitable working enviroment for a developer or a security researcher, can help to increase distro visibility.
be very beneficial for our community and (us as users) to see the security aspect of our distro! If you need any assistance or idead Paolo I would be very happy to assist you as I also work in cybersecurity. :-) At the moment I'm working on a Leap containerized image with most used tools in a penetration test. Maybe when I'll solve how to have GUI application running in a container, I'll post the conf file on Github.
You can either have a look at https://github.com/89luca89/distrobox or https://github.com/mviereck/x11docker -- Frederic CROZAT Enterprise Linux OS and Containers Architect SUSE
participants (3)
-
Frederic Crozat -
Nick Mantas -
Paolo Perego