Netflix releases “Stethoscope”, an open source security tool
A web application that gives users specific recommendations for securing their computers, smartphones and tablets
Stethoscope was developed by Netflix as part of its “User Focused Security” approach, which is based on the theory that it is better to provide employees actionable information rather than relying on heavy-handed policy enforcement:
It’s important to us that people understand what simple steps they can take to improve the security state of their devices, because personal devices–which we don’t control–may very well be the first target of attack for phishing, malware, and other exploits. If they fall for a phishing attack on their personal laptop, that may be the first step in an attack on our systems here at Netflix.
“Education, not automatic enforcement”
How it works?
Stethoscope analyzes device’s disk encryption, firewall, automatic updates, operating system and software updates, screen lock, jailbreaking or rooting, and installed security software, and retrieves device information from JAMF, LANDESK, Google’s G Suite Mobile Management and bitFit.
Each of these factors is attributed a rating based on its importance:
The source code and the instruction for installation and configuration are available on GitHub:
Docker Compose configuration for running the full application is also available.
More technical information are available on official Netflix Tech Blog: