The Importance of Open Source in Securing the Internet of Things

Open Source plays an important role in securing the Internet of Things. As more embedded products become available and security updates are required, devices will reach end-of-life, no longer supported by their creators, but will still remain in use. In the case of an open source project, developers within the open source community can contribute to updating the device as it continues to be used. This open source community can become an insurance blanket over a product, allowing the public to continue using a product that may no longer be supported by its initial developers, but still has active contributors.

In Beth Flanagan’s recent keynote talk at OSCON 2014, she discusses the importance of security and Open Source within the Internet of Things. Her speech, “Yes, Your Refrigerator is Trying to Kill You,” covers the consequences of insufficient security in embedded devices. The title example is the idea of someone hacking into your refrigerator and turning it off every night and back on every morning, slowly spoiling your food and ultimately leading to your death. While this control over your refrigerator could very easily occur and devices belonging to the connected home should still be considered highly important on a security level, these types of devices are not her main concern, but rather implantable devices, such as pacemakers, that contribute to keeping a person alive. If a pacemaker or insulin pump has wireless capabilities, a user’s health could be dictated by someone hacking into the device, which demonstrates the immediate need for a secure system.

wolfSSL developed CyaSSL with this need for security and open source development in mind. With a GPL v2.0 license as an option for building with the CyaSSL lightweight, embedded SSL library, content is available to open source projects, further enhancing the security features. Since CyaSSL was designed for embedded devices, developers have the option to seamlessly secure any of their products.

If you are a developer with questions regarding CyaSSL, open source, or securing an embedded device, please contact us at or go to our website at