Cybersecurity alliance launches first open source messaging framework for security tools

OpenDXL Ontology is designed for data and command sharing between cybersecurity software.
Written by Charlie Osborne, Contributing Writer

A new language framework designed to bridge fragmentation gaps between cybersecurity tools has been released to the open source community.

The framework was launched on Monday by the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, CrowdStrike, and McAfee. The OCA said that OpenDXL Ontology is the "first open source language for connecting cybersecurity tools through a common messaging framework."


OpenDXL Ontology, now available, aims to create a common language between cybersecurity tools and systems by removing the need for custom integrations between products. Tools such as endpoint systems, firewalls, and behavior monitors can be most effective when communicating with each other, but suffer from fragmentation and vendor-specific architecture.

This is not the first open source project developed by the consortium. The Open Data Exchange Layer (OpenDXL) is an open messaging framework already used by roughly 4,000 organizations to improve tool integration. 

Ontology aims to improve sharing by way of a language that is usable by any vendor, providing one set of tooling that can be reused across various cybersecurity products. 

OCA says that an additional benefit of the open source framework and tooling is the elimination of requirements to update integrations when software versions or functionalities change.


"For example, if a certain tool detects a compromised device, it could automatically notify all other tools and even quarantine that device using a standard message format readable by all," OCA says. "While previously this was only possible with custom integrations between individual products, it will now be automatically enabled between all tools that adopt OpenDXL Ontology."

Under OASIS, the OCA was formed in October 2019. Led by IBM and McAfee, the cybersecurity consortium now includes 26 companies. New members include Armis, Recorded Future, Gigamon, and Tripwire. 


The organization's mantra is "integrate once, reuse everywhere," and it is hoped that OpenDXL Ontology, by being made available to the open source community, will result in new use cases and further development. 

OpenDXL Ontology is available on GitHub.

Alongside the new project, the OCA community is also developing STIX-Shifter, a search function for security tools. 
