The Unbearable Weight of Commercial Licensing. Combining Closed Systems with Open Source Defense
BSides Las Vegas 2025 · Day 1
Kia Ard’s talk uses **commercial licensing complexity** and **closed security products** as a launch point for a defender-centered argument: when procurement, entitlements, and opaque alert taxonomies slow understanding, **open platforms** that preserve **history**, **context**, and **community vetting** can complement—not replace—enterprise tools. The session is explicitly **opinionated but not ideological**; Ard acknowledges strong commercial products while critiquing how **licensing lock-in**, **short telemetry retention** in SaaS consoles, and **marketing-heavy** alert names can degrade analyst efficacy. The proposed counterweight is **MISP** (**Malware Information Sharing Platform**), presented as an open-source **threat sharing** and **correlation** hub with rich **taxonomy** support, **TLP**-style sharing semantics, **workflow** automation, and integrations that can feed **EDR**, **firewalls**, and **SIEM** pipelines.
AI review
A practitioner-friendly MISP advocacy talk with a credible live demo and honest trust/automation caveats, but limited new research for audiences already running modern TIP programs.