We make security happen.

Security is very important.
We would like to protect you, our customers, and our staff in the best possible way.
Therefore all classes are offered as online classes!
You are looking for a partner for the use of Linux with IT-security in mind?
We help!

Embedded Devices

In various projects, we dedicate ourselves to the security of embedded systems. Very often, we often test the resilience of industrial control systems, medical devices, routers or access control systems.


As official partner of tribe29 GmbH we offer subscriptions, collaborative consulting and support for the monitoring solution checkmk.


We are intensively working with Linux in the corporate environment and public sector since 1999. In addition to planning and designing business critical and highly secure systems, we also support you as a competent partner during operation.

Vulnerabilty Management

As official partner of Greenbone Networks GmbH we offer appliances, consulting and support for the Greenbone Vulnerability Manager.


We have been working with Linux in the corporate environment and public sector since 1999. Our focus on open source software and our wide range of applications enable us to develop tailor-made IT security solutions for companies and agencies.

Ralf Spenneberg

Ralf Spenneberg

CEO, senior consultant and trainer

I am Ralf Spenneberg. Since 1999 I support customers in the use of OpenSource software in security-critical environments. The security in computer netoworks is a constantly moving target. This requires a continuous progression of knowledge.

Hendrik Schwartke

Hendrik Schwartke

CEO, senior analyst and developer

My name is Hendrik Schwartke and I am working as senior IT security specialist for OpenSource Security GmbH since 2010. I am responsible for the security analysis of OpenSource and proprietary products.

Claudia Spenneberg

Claudia Spenneberg

Organization and administration

Hello, my name is Claudia Spenneberg and I take care of the bookkeeping and accounting. Since my responsibilities also include quotes and schedules , I am often the first person to contact you.

Partners & Customers

Over the years we have built up intensive contacts to leading vendors of security solutions. Due to our continuous work on both industrial and research projects, we can count several companies, universities and public agencies among our partners and customers.




Almost 70 percent of companies and institutions in Germany have been victims of cyber attacks in 2016 and 2017.
— German Federal Office for Information Security (2018): DIE LAGE DER IT-SICHERHEIT IN DEUTSCHLAND 2018

Resistance analysis

We carry out resilience testing of various systems. Thereby we cover a wide range of expertise including embedded devices like industrial control systems, micro services, web applications etc.


We provide custom tailored solutions for your perimeter including firewall, VPN and IDS/IPS services.


As official partner of tribe29 GmbH we offer collaborative consulting and support for the monitoring solution checkmk.

Securing Networks

Are you looking for a partner who not only masters the basics, but is also an expert in securing networks?


During the pandemic all our classes are offered as online classes. Even inhouse training will be offered using via the Internet. If you would like to attend a training course, please have a look at our classes. If you require a quote for an inhouse workshop, please contact us.

Research & Publications

In 2017/2018, the increased emergence of IoT (Internet of Things) botnets, which compromise Internet-enabled home electronics and abuse them as bots, is striking.
— German Federal Office for Information Security (2018): DIE LAGE DER IT-SICHERHEIT IN DEUTSCHLAND 2018

In the course of our research, we regularly discover new vulnerabilities. New vulnerabilities are first reported to the manufacturer and published in accordance with our Responsible Disclosure policy. In addition to these security advisories, you will also find the results of our research, talks, books and bachelor or master thesis below.

Our Publications


tacNET provides complex network setups for training purposes. tacNET creates copies of these complex networks enabling each student to work in his own separate environment. Each environment uses the same MAC and IP addresses.



Based on our experiences in the analysis of industry control systems (ICS) we developed the Python library ICShell. Using this library accessing ICS via the network is simplified. The library is still work in progress.


Übungszentrum Netzverteidigung

The Übungszentrum Netzverteidigung (Practicecenter Networkdefense) was developed on behalf of the Federal Office for Information Security (BSI). On behalf of the BSI we conduct the event regularly. The Übungszentrum Netzverteidigung trains users, administrators and IT security officer to understand current attack techniques and to evaluate the efficiency of defense mechanisms.


Responsible Disclosure

We believe in the responsible coordinated disclosure. During our work we often detect vulnerabilities both in hardware and software products. We then closely coordinate the fix and the disclosure both with the vendor and international security authorities and groups.



Embedded SELinux protects embedded devices even if the user does not apply updates or the device is EoL. While the vulnerability may still exists the possible impact is much reduced. The same is true for AppArmor.



Whenever a USB device is plugged in to a computer the operating system usually enables the corresponding driver automatically. If the driver contains security vulnerabilities these bugs may be triggered by a malicious USB device like a webcam. The driver often operate in the kernel space leading to a full compromise of the system.



RFID access control are recognized for their fexibility. But unfortunately the user most often cannot determine whether such access controls are actually secure. We have analyzed the access control systems of different vendors. In many cases we have found critical vulnerabilities.



Both beginners and advanced users may attend our classes. You are a Linux administrator and need the appropriate knowledge to setup a mail gateway based on Linux and Postfix? You need to implement a Web server, a firewall or a VPN with Linux? You must monitor the availability of your Systems and services? Then you have come to the right place. Even advanced topics like SELinux or Modsecurity are covered by our classes.”

Security is very important. We would like to protect you, our customers, and our own staff in the best possible way and therefore we are offering all our classes during the pandemic as online classes!

You will be able to take part in the class as in a normal class just using a web browser. The browser will also be used to access our live class room labs for the exercises. If you are interested in a short demonstration, do not hesitate to contact us.

Further information is available.

What our Customers say

The concept of the training course is completely coherent. Adaptation of the course content to the individual needs of the course participants = very positive. Consideration of the different levels of knowledge of the course participants. Excellent course materials.

VPN Solutions with Linux

EmployeeZIVIT Frankfurt

Very interesting introduction to a topic (Xen) which is currently under development. The expertise of the lecturer (Ralf Spenneberg) and the extensive hardware equipment allowed a comprehensive insight into the topic.

Virtualization with XEN

EmployeeToshiba Electronics Europe

The topic was exactly met, the customer’s needs were addressed and proposals for solutions were worked out together. The theory was presented in a very vivid way and underpinned with practical examples. The complete course was very understandable.

OpenVPN - The IPSec alternative

EmployeeMPI EVAN


We are happy to hear from you!

  • OpenSource Security GmbH
    Am Bahnhof 3-5
    48565 Steinfurt-Borghorst
  • info@os-s.de
  • 00 49 2552 / 9972 54
  • 00 49 2552 / 9971 82
  • Geschäftsführer: Ralf Spenneberg, Hendrik Schwartke
  • Ust.-Id.Nr.: DE 815 773 501
  • Registergericht: Amtsgericht Steinfurt, HRB 12044
  • Inhaltlich Verantwortlicher gemäß §6 MDStV: Ralf Spenneberg
Please fill out the captcha.