Welcome to SecOPERA
Secure OPen source softwarE and hardwaRe Adaptable framework
“A one-stop hub for complex open-source software and hardware solutions delivering the means to analyse, assess, secure/harden and share open-source solutions as those are integrated into an overall complex product developed for a networked connected environment.“
The aim
SecOPERA aims to provide a one-stop hub for complex OSS/OSH solutions delivering to a connected device designer, implementer and operator as well as any open-source software/hardware developer, the means to analyse, assess, secure/harden and share open-source solutions as those are integrated in an overall complex product developed for a networked connected environment. The SecOPERA hub offers to the open-source community a framework supporting the open-source DevSecOps lifecycle and generates secure open-source solutions along with appropriate, verifiable security guarantees.
SecOPERA Objectives
Provide a complete Security Auditing-Testing toolbox in order to identify security issues in open-source software and hardware
Research and Develop Security Hardening and security enhancement of open-source solutions
Offer Adaptable security solutions for the open-source community (SW and HW) at cognitive, network, application and device layers that are securely updated/patched
Provide the SecOPERA hub that will offer the SecOPERA pool of open-source solutions (with security guarantees) as well as the SecOPERA framework with all the tools to support the SecOPERA concepts of Decompose, Audit/Assess, Secure, Adapt, Update
Validate the SecOPERA solution in two pilots using several use cases that are linked with all aspects of the SecOPERA hub
Provide a viable exploitation and business model of the SecOPERA solution that will comply with the open-source nature of the SecOPERA Framework, repository, and the associated open-source data, software and hardware components
Framework
SecOPERA provides a framework supporting the open-source DevSecOps lifecycle that comprises:
- a decomposition and security audit/testing engine that analyses open-source solutions (OSS/OSH),
- an adaptation engine that debloats OSS/OSH code to remove unrelated open-source code and reduce the code attack surface, and a security enhancement process to harden the OSS/OSH solution,
- an updating/patching mechanism so that the SecOPERA open-source flows remain secure even if their open-source code starting points are vulnerable.
.
On top of that, SecOPERA hub provides:
- an open-source repository for secure modules that is used in the security enhancement mechanism of open-source solutions,
- an open-source repository of security-hardened OSS/OSH solutions and their security guarantees.
