Essay / Open Source Security and the Kerckhoffs Principle

Introduction

This talk was given by Dr. David Mirza Ahmad, one of the main mentors at Subgraph, an open source security startup based in Montreal [3]. The talk was built around Kerckhoffs's principle: "the security of any cryptographic system does not rest on its secrecy; it must be able to fall without inconvenience into the hands of the enemy" [1]. Applied to software, the principle means that free software must get its security from its design rather than from hiding its source, so it has to be reasonably secure on its own merits. This is well understood in the crypto world, where a secret, unpublished algorithm is a black box that nobody outside can inspect, and therefore nobody can trust.

There are many security research communities around the world, but many of them are informal and low-budget. Security researchers are a curious mix of people who attend the same conferences: teenage hackers, college students, members of intelligence agencies, and so on. Several things are common among them:

• They are motivated by a natural tendency to challenge the authority of numbers.
• They are always passionate about breaking things.
• They have a good understanding of Kerckhoffs's principle.
• They share information with everyone but do not trust each other; any tool that is not open source is treated with suspicion.

Bugtraq

Bugtraq was a community originally created by Scott Chasin and hosted at crimelab.com, and it changed the software industry. It is essentially an electronic mailing list dedicated entirely to IT security issues: vulnerabilities, exploitation methods and vendor security announcements were discussed in a global forum [2]. During its peak period, between 2001 and 2005, it had approximately ...... middle of paper ......
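The principle from the introduction, shown in code as an added example that is not from the talk, from Subgraph or from any tool the essay mentions. It places a scheme whose only secret is its hard-coded algorithm beside one whose algorithm is fully public and whose key is the only secret, and runs the same known-plaintext attack against both. The pad value, messages, keys, nonces and function names (obscure_encrypt, keyed_encrypt, demo) are constructed for the illustration; the keyed scheme is a teaching construction, not a recommendation to replace a vetted AEAD.

```python
import hashlib
import hmac
import os

# --- Scheme A: the algorithm itself is the secret (security through obscurity) ---
# A fixed pad baked into the source. Constructed for this example; anyone who
# reads the code, or who holds one known plaintext/ciphertext pair, learns it.
HIDDEN_PAD = bytes.fromhex("5a3c9e17")


def xor_pad(data: bytes, pad: bytes) -> bytes:
    """XOR data with a repeating pad."""
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))


def obscure_encrypt(plaintext: bytes) -> bytes:
    """Scheme A: there is no key at all; the 'secret' is the hard-coded pad."""
    return xor_pad(plaintext, HIDDEN_PAD)


def recover_pad(ciphertext: bytes, known_plaintext: bytes, pad_len: int) -> bytes:
    """Attacker who knows the algorithm (Kerckhoffs) but not the pad: one known
    pair yields the pad directly, and with it every other message."""
    return bytes(c ^ p for c, p in zip(ciphertext[:pad_len], known_plaintext[:pad_len]))


# --- Scheme B: public algorithm, secret key ---
# Keystream block i = HMAC-SHA256(key, nonce || i). Everything but the key may be
# published. Illustrative construction only; use a vetted AEAD in real systems.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def keyed_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


keyed_decrypt = keyed_encrypt  # XOR stream cipher: decryption is the same operation


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """What one known pair gives the attacker under scheme B: the keystream for
    that nonce only, never the key."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def demo() -> dict:
    """Run the known-plaintext attack against both schemes and report the outcome."""
    msg1 = b"attack at dawn"    # constructed known plaintext
    msg2 = b"retreat at dusk"   # constructed second message the attacker wants

    # Scheme A collapses: the pad recovered from msg1 decrypts msg2.
    pad = recover_pad(obscure_encrypt(msg1), msg1, len(HIDDEN_PAD))
    a_broken = xor_pad(obscure_encrypt(msg2), pad) == msg2

    # Scheme B: the same attack yields a keystream usable only under the same
    # nonce; msg2 sent under a fresh nonce stays unreadable.
    key = os.urandom(32)
    n1, n2 = os.urandom(12), os.urandom(12)
    ks1 = recover_keystream(keyed_encrypt(key, n1, msg1), msg1)
    b_broken_fresh_nonce = xor_pad(keyed_encrypt(key, n2, msg2), ks1) == msg2

    # Caveat: reusing the nonce turns scheme B into a two-time pad, and the XOR
    # of the two ciphertexts leaks the XOR of the two plaintexts.
    ct_a = keyed_encrypt(key, n1, msg1)
    ct_b = keyed_encrypt(key, n1, msg2)
    leak = bytes(x ^ y for x, y in zip(ct_a, ct_b))
    nonce_reuse_leaks = leak == bytes(x ^ y for x, y in zip(msg1, msg2))

    return {
        "obscure_scheme_broken": a_broken,
        "keyed_scheme_broken_with_fresh_nonce": b_broken_fresh_nonce,
        "keyed_scheme_nonce_reuse_leaks": nonce_reuse_leaks,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of the comparison is where the secret lives: in scheme A exposure of the source (which Kerckhoffs tells us to assume) is equivalent to exposure of every message, while in scheme B the attacker who holds the full algorithm and even one keystream still learns nothing about messages under other nonces. The nonce-reuse check is the caveat that comes with any stream construction: a public algorithm removes the need for secrecy, not the need to use the key and nonce correctly.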
of the specification.
• It is also written in pure Java and can be used as a standalone library or client.
• It supports Android and hidden services.
• Its seamless integration into Java or JVM applications makes it popular.

Conclusion

This was an eye-opener on open source security, mainly because the speaker himself was the developer and one of the main programmers of the security tool Vega. New numbers should never be trusted in the crypto world. Kerckhoffs's principle is very important and opposes the concept of security through obscurity. Open source improves security, but at the same time it is a matter of trade-offs in which we must prioritize our choices.

References
[1] Slides from "Kerchoff's Legacy: Free Software and Security"
[2] http://en.wikipedia.org/wiki/Bugtraq
[3] http://www.subgraph.com/