Open Source Security Tools for the Security Professional
Home Projects Mailing Lists General Contact Us


Contact: Guy Morgan, Inc., Inc. announces Open Source project for Harvester

This project will be jump started with existing production software that provides robust data collection, consolidation, archiving and analysis of security information.

Open Source Announcement

Oakland, California USA — August 3, 2002 —, Inc., a California-based company providing managed security services, today announced plans for converting its existing security infrastructure software to Open Source projects. The first release will be Harvester, which provides software for the robust data collection, consolidation, archiving and analysis of network, system, application, user activity for security related events.

All Open Source projects will be consolidated at and available to the public on September 3, 2002. Existing open source projects from, Inc. that will move to this site are CryptCat and other encryption, testing and auditing tools. As a true open source solution, the software will be available free of charge and comes with source code and a comprehensive set of tools and utilities for deploying into any environment.


The open source project for Harvester will be jumpstarted based on the existing software developed by, Inc. The current code-base in production has processed in excess of 100 million events in a single month.

Harvester is currently based on the following open source tools: OpenBSD, Linux, Mysql, Apache, PHP, Zope, Perl, Python, Sabernet, Jpgraph, Snort, Nessus, Whisker.

The core engine provides near real -time data collection from host systems (web, mail, etc), network infrastructure systems (router, switch, DNS, PDC/BDC, etc.) and security infrastructure systems (firewall, IDS, VPN, etc.).

Robust consolidation is provided through a centralized database repository. The scoring system provides for standardizing event priorities across different system types and can be used for customizing scores for specific environments. A separate plug-in module provides automation of audit trail archiving.

Comprehensive analysis is provided across several modules, these are correlation, vulnerability management and event management modules. Vulnerability management combines system testing with vulnerability alerts. Event management provides ticket creation, escalation, tracking and reporting capabilities.


All Open Source projects will be consolidated at and available to the public on September 3, 2002. Harvester information will include:

  • Project Objectives
  • Architectural Documentation
  • Technical Specification Draft
  • FAQs
  • Facility for Soliciting Comments

The first code release of Harvester is slated for October 2002 and will include:

  • Revised Technical Specification
  • Core engine for collection and consolidation
  • DB module for MySQL
  • Archiving module
  • Agent modules for integrating various sensors
  • Common scoring engine
  • API for adding additional agent modules

A second release slated for December 2002 and will include bug fixes and an enhanced installation process.

Why, Inc. is Doing This, Inc. primary business is providing security services to our clients. Our investment in developing robust security software has allowed us to offer scalable and profitable services. The primary value to our clients is in the 24x7 monitoring, analysis and support that we provide., Inc. believes that a strong commitment to the Open Source community will help us build better name recognition and obtain access to new clients that have 24x7 operation staff but want commercial technical support for the software.

As an Open Source project the software will be enhanced through peer review and result in extensible high-quality code, secure design and wider industry expert participation in defining functionality & features.

About, Inc., Inc. was founded as a California corporation in March of 2000 and is privately held. Farm9 has facilities located in Oakland California., Inc. is a leading provider of subscription based managed services and complementary professional services protecting our clients’ critical computing infrastructure. This combined service approach allows, Inc. to provide customized end-to-end security solutions to the specific requirements of Financial Services, HealthCare and Internet-driven organizations.

Copyright © 2005, Inc. - All Rights Reserved.
Last modified: January 01, 1970 00:00:00 UTC