My Work with Tripwire
I wrote the original version of Tripwire when I was an undergraduate student at Purdue University in 1992, when I was doing an independent study project with the famous Dr. Gene Spafford. One of the most unexpected outcomes is that it rapidly became one of the most widely used intrusion-detection tools for Unix. So in 1998, I co-founded Tripwire, Inc. with W. Wyatt Starnes, and have served as CTO ever since. That’s right. I’ve been at Tripwire for 13 years. I think the best history of Tripwire is in the video below. It was a 15-minute presentation I gave to the entire company in January 2010 during our Sales Kickoff Meeting. In this video, I share ten things you may not know about the story behind Tripwire:
Top things you may not know about Tripwire
1. Before I went to Purdue University, I was in high school, working part-time as a UNIX system administrator and file system QA engineer at Prisma Supercomputers (acquired by Sun Microsystems in 1988). It was there that I got to watch first-hand the impact of the famous Internet Morris Worm, which was released on November 2, 1988. This malicious code took down over 10% of the servers connected to the Internet: luckily, there were only 30K servers at that time.
2. One of the main reasons I decided to go to Purdue University was reading the famous and canonical paper that Dr. Gene Spafford wrote on the Morris Worm. He was one of the people who actively studied, analyzed and designed counter-measures to prevent its spread, days after it was released.
3. We released Tripwire as an open source intrusion detection tool, designed to detect when changes occur to UNIX systems, regardless of whether they were malicious or accidental, and then help enable their recovery. We released it on November 2, 1992, on the four-year anniversary of the Morris Worm.
4. I got two “incompletes” from Spaf on this independent study course. I always managed to find lots of interesting things to work on at Purdue. One of which got me fired from the Purdue University Computing Center, where I was working half-time.
5. As I mentioned before, Tripwire rapidly became one of the most widely used security tools for UNIX, downloaded millions of times. Because the primary distribution mechanism was comp.sources.unix and FTP, it required a lot of work and determination to download things.
6. The first royalty check I received was for a couple hundred dollars, sent from the Purdue Research Foundation. I had no idea who was paying the royalties. After some digging, it turns out that it was a guy named Allen Lum, who was doing financial reporting audits for Ernst and Young in New York.
He had downloaded Tripwire, and was using it at the conclusion of their audit work at clients. He would make a snapshot of critical financial reporting applications and systems, so that when they came back next year, he could see all changes made that could affect the integrity and correct functioning of those systems.
I wouldn’t fully appreciate how important this application of Tripwire was for many more years. But practices like this would become required to comply with the Sarbanes-Oxley Act of 2002 (SOX-404).
Allen eventually became an executive director at E&Y before retiring.
7. About the same time, the Internet e-commerce boom was fully underway, with online use of credit cards soaring. To prevent and detect online theft of cardholder data, Visa started the Cardholder Information Security Program, which contained 12 required sets of security controls that all merchants and processors were required to comply with. Sound familiar? Yes, Visa CISP is the basis of the famous Payment Card Industry Data Security Standard (PCI DSS).
That was during the same period of time when Internet Security Systems went public (founded by Chris Klaus), as well as the famous Pets.com Super Bowl ad, Homegrocer.com, and many other examples of how companies needed lots of money back then.
(By the way, I marvel at how little capital is required to build great software companies these days.)