Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Cybersecurity Firms Partner on Open Source Security Technology Development

A group of cybersecurity companies this week announced the Open Cybersecurity Alliance (OCA), a joint effort focused on the development of open source security technologies.

A group of cybersecurity companies this week announced the Open Cybersecurity Alliance (OCA), a joint effort focused on the development of open source security technologies.

Established with initial open source contribution from IBM Security and McAfee and formed under the OASIS (Organization for the Advancement of Structured Information Standards) international consortium, OCA brings together both organizations and individuals.

The focus of this new initiative is to come up with open source code to freely exchange information, insights, analytics, and orchestrated responses.

On average, organizations today use over 25 security tools from up to 10 vendors, and OCA aims to create the necessary protocols and standards to ensure these tools work together and share information between vendors.

Members of the alliance will work together to develop and promote open source common content, code, tooling, patterns, and practices that will ensure interoperability and data sharing. This should help enterprises improve security visibility, extract more value from existing products, reduce vendor lock-in, and connect data and share insights across products.

“The aim is to simplify the integration of security technologies across the threat lifecycle – from threat hunting and detection, to analytics, operations and response – so that products can work together out of the box,” OCA says.

Initial technology contributions to OCA include STIX-Shifter from IBM Security and OpenDXL Standard Ontology from McAfee. The former aims to create a universal, out-of-the box search capability for security products, while the latter focuses on creating an interoperable cybersecurity messaging format for the OpenDXL messaging bus.

Some of the companies to have already joined the alliance include Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin.

However, the OCA welcomes all organizations and individual contributors, from all around the world.

Related: Sophos Makes Sandboxie Free in Transition to Open Source

Related: FireEye Releases Open Source Persistence Toolkit ‘SharPersist’

Related: Cruise Releases Automated Firmware Security Analyzer to Open Source

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.