Security is a fundamental building block of today’s digital society. Establishing trust with connected products and online services is critical to how modern organizations operate for the confidence it creates in ensuring online interactions and transactions are safe.
As one of the four pillars of digital trust, transparency lies at the core of enhancing trust within an organization and its promise to deliver quality digital products and services. Open-source enables transparency and trust in software development, drawing on a collaborative community of developers who collectively make enhancements, share, and distribute updates in the software.
This month, we sat down with Malin Ridelius, Keyfactor’s Vice President of Community – Open-Source Products, to explore the role open-source has on secure development and its impact on cybersecurity. Malin has over two decades of product marketing and management experience with PKI, electronic signatures, and digital identities. Based in Stockholm, she has been a part of the Keyfactor team for five years and is responsible for establishing EJBCA, SignServer, and Bouncy Castle as leading open-source solutions for PKI, signing, and cryptography.
What brought you to Keyfactor?
Throughout my career, I realized that I love working with product development organizations that have international business. They offer a diverse mix of colleagues, including skilled experts, who are sincerely passionate about the work they’re doing. An added benefit is that I can have access to the engineers who are actually developing the technology. This is the type of environment where I feel my skills are the most effective. Serving as the interface between engineers and the rest of the world, many of my responsibilities center around driving demand for products through effective messaging – and what better way to craft that message than hearing it directly from those creating it?
When I joined PrimeKey five years ago, I was searching for a new challenge to expand my technical expertise and grow my career. I have an extensive background in PKI signing and have worked for several other companies in this space. I had followed the company for a while by that time, having known the co-founders, Tomas Gustavsson and Admir Abdurahmanovic, when I was at university. Their focus on open-source was new to me but sparked my interest. I knew that by working at PrimeKey, I’d gain new experience and also get the opportunity to work with motivational leaders I admired. And, of course, a few years later PrimeKey merged under the Keyfactor brand.
What is your role at Keyfactor and how has your team contributed to the company’s success?
In my current role, I am responsible for driving the development of the Keyfactor Community, which is our community of developers, engineers, and security teams. This program is very focused on providing users and customers with hands-on access to Keyfactor’s open-source PKI and signing software source code, and encouraging engagement through downloading and using the software at each release. All this activity ultimately contributes to the development of high-quality products.
The community’s main objective is to continuously reach new audiences. By extending invitations to engineers within various industries, we make our PKI, code signing, and cryptography technology accessible to an expanded network and can gather new intelligence on our products. As modern enterprises become more connected, there is a growing need for certificates within every organization. Offering Keyfactor’s software stack as freely available open-source allows any organization to implement security early in a project through faster iteration, flexible development processes, and robust community support.
As part of this goal of delivering greater security that everyone can use, we believe in improving our products through collaborations with others. The Keyfactor Open-Source Community enables us to do this in an efficient way. My team’s efforts are an important part of an overarching holistic goal to provide the best and most secure software for everyone.
How do you believe open-source will continue to impact cybersecurity?
There are three primary aspects that open-source will continue to impact cybersecurity: transparency, trust, and collaboration.
With the business environment being what it is today, it’s crucial to maintain trust in all connected services. By creating the availability of open-source software to all, we can enable and sustain trust for everyone. This is because open-source code allows for more thorough security testing, which in turn can help identify and manage vulnerabilities more quickly compared to proprietary software where source codes are kept secret. Having an active community of customers and users who can audit and test the software – and then share their experiences – adds an extra layer of transparency and trust to its development, which benefits every person and every organization.
Finally, with greater and more efficient collaboration, Keyfactor truly believes we can innovate and improve security faster than others in the industry.
How is Keyfactor enabling innovation in open-source?
Our primary contribution to the open-source community is through our continuous commitment to and sponsorship of three projects: EJBCA, SignServer, and Bouncy Castle. We make it a priority to engage with these communities and actively seek opportunities to expand PKI, code signing, and cryptography into new industries. As the need for certificates grows, it’s incredibly important to ensure our technology is available to everyone, especially where security or PKI isn’t in their wheelhouse. Every industry has unique security challenges. With their involvement in and contributions to the community, we can embed security into every possible use case.
Who inspires you?
I find inspiration in individuals who possess a sincere passion for their work. The energy that comes from those who generously share their knowledge and passion with others is infectious, as it opens the doors for others to share their own ideas and knowledge. When you have a diverse group of people all contributing ideas, that’s when there’s potential to create something truly innovative and exciting. There are quite a few people within Keyfactor who fit this description, and I’m incredibly lucky to work with such a passionate group of people.
Check back next month to get to know another member of the Keyfactor team.