​The primary motivation behind our open source transition is straightforward: ensuring continuity and security for organisations that depend on these tools.

By open-sourcing our entire platform:

• Organisations will always have access to the source code running their security infrastructure
• The community can inspect, verify, and contribute to the security of the platform
• Long-term viability is guaranteed regardless of market conditions
• Security benefits from the collective expertise of the AWS community

Unlike many open source projects that prioritise rapid feature development, our approach is distinctly security-focused:
​

• Rigorous contribution guidelines that emphasise security above all else
• Stringent review process for all proposed changes
• Zero tolerance for security compromises in any contribution
• Controlled evolution to protect existing production deployments​​

This security-first governance model reflects the reality that OpenSecOps components are deployed in financial services and other security-sensitive environments where stability and security are non-negotiable requirements.

​Our complete platform is now open source, including:
​

• OpenSecOps Foundation: Our enterprise-grade AWS infrastructure implementation with centralised logging, SSO configuration, and stringent security best practices and protections
• OpenSecOps SOAR: Our security orchestration platform with automated incident response, forensic capabilities, automatic remediation of security issues, and AI-powered reporting
• Comprehensive Documentation: Installation guides, technical design specifications, and standard operating procedures
  
  

Everything is provided under the Mozilla Public License 2.0, offering both openness and appropriate protections. The MPL 2.0 licence was carefully chosen because it doesn't restrict users in how they implement or deploy the software, whilst ensuring that modifications to the original code remain open source. This means organisations can freely integrate OpenSecOps into their environments without licensing concerns or restrictions on their own proprietary systems.

The open source model offers the ideal path forward for these security platforms. It ensures transparency, continuity, and community engagement whilst maintaining the high security standards that our users require.

We believe that security tools should be accessible, transparent, and community-driven. By embracing open source, we're creating a foundation for more secure AWS environments across all organisations, regardless of size or industry.

Join us on this journey as we build a more secure cloud future together.

We see open source as a strength. It's no secret that part of our offerings is open source, written by us or other reputable developers. For instance, here's the new version of our serverless log aggregation system:

https://github.com/OpenSecOps-Org/Foundation-control-tower-log-aggregator

The log aggregator is part of OpenSecOps Foundation and will massage your AWS log files to cut your log file storage costs in half, amongst other things. 

Suppose you use it with our open-source multi-account log aggregator, (https://github.com/OpenSecOps-Org/Foundation-CloudWatch2S3). In that case, you have a complete solution for automatically collecting CloudWatch logs from all accounts in an AWS organization and storing them centrally in a consistent format and structure along with all system logs. 

Best of all, it costs you absolutely nothing.

You'll find all our open-source offerings here.

Why do we do this? Because we like to get the initial complexities out of the way so we can assist our clients with the architecture that really matters. Thus, OpenSecOps Foundation has no license fee; we only charge for the time it takes us to install it. Now that's a value proposition you might want to consider.

P.S.: Apart from our open source, you'll like our proprietary security aspects too, which include fully text-based configuration and a battle-tested system to prevent any escalation of privileges, amongst other things. Full details here.