2024-10-22 –, Europe - Main Room
Maintaining an open source security project for almost 8 years gives lots of opportunity for collecting experiences...good and bad ones. Time for sharing the experience from maintaining Sigma!
Development of Sigma started in the end of 2016 as proof-of-concept of an idea to create a language for detections and developed into an open standard widely used by lots of organizations. In between it took a journey from PoC-grade code that people started to use in production, a complete rewrite of the toolchain and growing from a project maintained by few individuals to multiple projects maintained by a community.
In this talk I will share the experience from my perspective as a core maintainer of the Sigma project. Some of the topics are:
- Organizing and structuring a growing open source security project.
- Ensuring quality.
- Keeping to maintain existing code vs full rewrite.
- Contributions, trust and handing over control.
- Staying motivated and handling stress and exhaustion.
Thomas has 18 years experience in information security and has done lots of stuff in this area, from offensive to defensive security topics. Now he is doing incident response, threat hunting and threat intelligence at the Evonik Cyber Defense Team. Furthermore, he is co-founder of the Sigma project and maintains the open source toolchain (pySigma/Sigma CLI).