Open source libraries and frameworks are a great way to jump-start development projects. Open source empowers developers to do some great things without reinventing the wheel and developing solutions for problems that have already been solved. However, adding any code to a project carries an inherent risk of introducing potential vulnerabilities that may have made their way into it through error or malice.

Today, open source software provides the foundation for the vast majority of applications across all industries, and software development has slowly moved toward software assembling. Because of this change in the way we deliver the software, new attack surfaces have evolved and software security is facing new challenges inherent with dependency on open source software.

Elastic Security has long been open — with open source roots, open development, and the release of our SIEM in 2019. In 2020, we further embraced the openness of Elastic and released our open detection-rules repo to collaborate with our users and be transparent about how we protect customers. That repo is focused on our SIEM and Security Analytics use cases and did not yet include Elastic Endpoint Security artifacts.