Vulnerability scans

Germany funds open source security check for SMEs

13/09/2018

Germany’s federal Ministry for Economic Affairs and Energy has been funding a 26-month project to help small and medium-sized companies avoid IT security issues when using open source content management systems. The project started in September 2016 and will end in November this year. The project is now looking for sponsors to continue the online service. “The costs are low as it’s mostly hosting costs,” says David Jardin, one of the developers involved.

Siwecos – the acronym stands for ‘Sichere websiten und content management systeme’ (Secure websites and content management systems) – is making all of the code developed for the project and the service public as open source.

The screenshot from the Youtube introduction shows a (cartoon-like) representation of the Siwecos vulnerability scan on a computer, with a desk lamp on the right
Image source: https://youtu.be/HfwMBpjIlHE

The vulnerability scan service is one of the outcomes of the Ministry’s 2015 call for projects in its IT-Sicherheit in der Wirtschaft (IT security in industry and commerce) initiative. Projects that are awarded funding must service small and medium-sized enterprises (SMEs) directly. According to David Jardin, Siwecos is so far one of the only completely open source projects to receive funding from the German federal government.

The consortium also considered offering paid subscriptions for other types of vulnerability scans. “For now, we prefer to keep this a proper open source project,” Jardin told the European Commission’s Open Source Observatory (OSOR). “Being open source and sharing our code openly has helping us in getting accepted by the open source community. It also helps get the project accepted by SMEs and their website hosting providers.”

The project consortium proposed to focus the service on open source content management systems. “The vast majority of German SMEs use open source to run their websites,” Jardin says. German SMEs can subscribe to the Siweco service for free, to receive regular reports on the IT security status of their CMSs and email alerts whenever security updates are needed.

Earlier this week, Jardin talked about the Siwecos project at the DrupalEurope conference in Darmstadt.

More information:

Siwecos (in German)
Ministry’s call for projects (in German, PDF)

The content of this field is kept private and will not be shown publicly.