The OpenSecOps newsletter provides updates on our open-source AWS security and operations platform. Subscribe for announcements about new features, security best practices, implementation tips, and community contributions. We'll share insights about our Foundation (AWS infrastructure best practices) and SOAR (security automation) components, along with practical guidance for deploying and managing secure cloud environments. This low-volume newsletter helps you stay informed about this project that reduces AWS setup from person-years to just days.

https://buttondown.com/opensecops

​The primary motivation behind our open source transition is straightforward: ensuring continuity and security for organisations that depend on these tools.

By open-sourcing our entire platform:

• Organisations will always have access to the source code running their security infrastructure
• The community can inspect, verify, and contribute to the security of the platform
• Long-term viability is guaranteed regardless of market conditions
• Security benefits from the collective expertise of the AWS community

Unlike many open source projects that prioritise rapid feature development, our approach is distinctly security-focused:
​

• Rigorous contribution guidelines that emphasise security above all else
• Stringent review process for all proposed changes
• Zero tolerance for security compromises in any contribution
• Controlled evolution to protect existing production deployments​​

This security-first governance model reflects the reality that OpenSecOps components are deployed in financial services and other security-sensitive environments where stability and security are non-negotiable requirements.

​Our complete platform is now open source, including:
​

• OpenSecOps Foundation: Our enterprise-grade AWS infrastructure implementation with centralised logging, SSO configuration, and stringent security best practices and protections
• OpenSecOps SOAR: Our security orchestration platform with automated incident response, forensic capabilities, automatic remediation of security issues, and AI-powered reporting
• Comprehensive Documentation: Installation guides, technical design specifications, and standard operating procedures
  
  

Everything is provided under the Mozilla Public License 2.0, offering both openness and appropriate protections. The MPL 2.0 licence was carefully chosen because it doesn't restrict users in how they implement or deploy the software, whilst ensuring that modifications to the original code remain open source. This means organisations can freely integrate OpenSecOps into their environments without licensing concerns or restrictions on their own proprietary systems.

The open source model offers the ideal path forward for these security platforms. It ensures transparency, continuity, and community engagement whilst maintaining the high security standards that our users require.

We believe that security tools should be accessible, transparent, and community-driven. By embracing open source, we're creating a foundation for more secure AWS environments across all organisations, regardless of size or industry.

Join us on this journey as we build a more secure cloud future together.