We make security happen.

You are looking for a partner for the use of Linux with IT-security in mind? We help!


IoT Penetration Test

You are developing a connected device and want to know if it is secure?

Discover the weaknesses of your embedded device with the IoT penetration test. As professional attackers, we test your device in a comprehensive pentetration test.

Know the weaknesses of your device before any attacker!


Accelerated Security Certification

We are a certified test centre of the German Federal Office for Information Security (BSI).

In this role we perform the Accelerated Safety Certification. On the basis of the Accelerated certification, the German Federal Office for Information Security (BSI) awards the German IT Security Certificate.


Monitoring with Checkmk

As a Gold Partner of tribe29 GmbH we offer consulting and support for the monitoring solution Checkmk.



During the pandemic all our classes are offered as online classes. Even inhouse training will be offered using via the Internet. If you would like to attend a training course, please have a look at our classes. If you require a quote for an inhouse workshop, please contact us.



We provide custom tailored solutions for your perimeter including firewall, VPN and IDS/IPS services.

Securing Networks

Are you looking for a partner who not only masters the basics, but is also an expert in securing networks?

Re­search & Publi­cations

In the course of our research, we regularly discover new vulnerabilities. New vulnerabilities are first reported to the manufacturer and published in accordance with our Responsible Disclosure policy. In addition to these security advisories, you will also find the results of our research, talks, books and bachelor or master thesis below.

Our Publications



tacNET provides complex network setups for training purposes. tacNET creates copies of these complex networks enabling each student to work in his own separate environment. Each environment uses the same MAC and IP addresses.



Based on our experiences in the analysis of industry control systems (ICS) we developed the Python library ICShell. Using this library accessing ICS via the network is simplified. The library is still work in progress.



Übungszentrum Netzverteidigung

The Übungszentrum Netzverteidigung (Practicecenter Networkdefense) was developed on behalf of the Federal Office for Information Security (BSI). On behalf of the BSI we conduct the event regularly. The Übungszentrum Netzverteidigung trains users, administrators and IT security officer to understand current attack techniques and to evaluate the efficiency of defense mechanisms.



Responsible Disclosure

We believe in the responsible coordinated disclosure. During our work we often detect vulnerabilities both in hardware and software products. We then closely coordinate the fix and the disclosure both with the vendor and international security authorities and groups.




RFID access control are recognized for their flexibility. But unfortunately the user most often cannot determine whether such access controls are actually secure. We have analyzed the access control systems of different vendors. In many cases we have found critical vulnerabilities.



Embedded SELinux protects embedded devices even if the user does not apply updates or the device is EoL. While the vulnerability may still exists the possible impact is much reduced. The same is true for AppArmor.



Whenever a USB device is plugged in to a computer the operating system usually enables the corresponding driver automatically. If the driver contains security vulnerabilities these bugs may be triggered by a malicious USB device like a webcam. The driver often operate in the kernel space leading to a full compromise of the system.



LibreOffice and the related OpenOffice are among the few established office suites. If LibreOffice is improperly configured, this can have serious consequences for IT security. OpenSource Security has therefore developed a guide to secure configuration on behalf of the German Federal Office for Information Security (BSI). As part of the project, OpenSource Security discovered four previously unknown security vulnerabilities in LibreOffice.

Mehr erfahren

Partners & Customers

Over the years we have built up intensive contacts to leading vendors of security solutions. Due to our continuous work on both industrial and research projects, we can count several companies, universities and public agencies among our partners and customers.




We have been working with Linux in the corporate environment and public sector since 1999. Our focus on open source software and our wide range of applications enable us to develop tailor-made IT security solutions for companies and agencies.

Ralf Spenneberg

Ralf Spenneberg

CEO, senior consultant and trainer

I am Ralf Spenneberg. Since 1999 I support customers in the use of OpenSource software in security-critical environments. The security in computer netoworks is a constantly moving target. This requires a continuous progression of knowledge.

Hendrik Schwartke

Hendrik Schwartke

CEO, senior analyst and developer

My name is Hendrik Schwartke and I am working as senior IT security specialist for OpenSource Security GmbH since 2010. I am responsible for the security analysis of OpenSource and proprietary products.

Claudia Spenneberg

Claudia Spenneberg

Organization and administration

My name is Claudia Spenneberg and I take care of the bookkeeping and accounting. Since my responsibilities also include quotes and schedules , I am often the first person to contact you.


Do you have any questions regarding our services or are you looking for a new partner for your IT security? Send us an e-mail and arrange a call!

  • OpenSource Security GmbH
    Am Bahnhof 3-5
    48565 Steinfurt
  • info@os-s.de
  • Beschwerden/Complaints
  • +49 (0)2552 / 927009-0
  • +49 (0)2552 / 927009-9
  • Prüfstelle BSI-APS-9058
  • Geschäftsführer: Ralf Spenneberg, Hendrik Schwartke
  • Ust.-Id.Nr.: DE 815 773 501
  • Registergericht: Amtsgericht Steinfurt, HRB 12044
  • Inhaltlich Verantwortlicher gemäß §6 MDStV: Ralf Spenneberg
  • Privacy Information