Red Team to help secure open-source software

The Linux Foundation's new Red Team project will incubate open-source cybersecurity tools.

Who doesn't want to secure software? After all, every day, there's another major security violation bubbles up from the swamp of bad programs. To help deal with this, at the Open Source Leadership Summit, the Linux Foundation announced the Red Team Project.

Red Teams, for those who don't live in the security-world, are  a way of testing the effectiveness of a company or group's security program. It does this by emulating how attackers go after your systems in the real world.

The Red Team Project is an incubator for open-source Red Team security tools. These include programs that support cyber range automation, containerized pentesting utilities, binary risk analysis, and standards validation programs.

This project doesn't come out of nowhere. It springs from the Fedora Red Team Special Interest Group. Jason Callaway, now a Google Customer Engineer, started the "Fedora Red Team SIG with some fellow Red Hatters at Def Con 25. We had some exploit mapping tools that we wanted to build, and I was inspired by Mudge and Sarah Zatko's Cyber-ITL project; I wanted to make an open-source implementation of their methodologies."

Cyber-range? These are virtual spaces, which can simulate hacker attacks. That's easy, in theory, to do on the cloud. A cyber range includes vulnerable machine images, vulnerable application configs, attack platforms, exploits, and operators. The range can then be used for security training by deploying hacker scenarios, which represent real world situations your red and blue teams will be facing. Essentially, this will enable you to war-game your security infrastructure.

Must read

In addition, the open-source Cyber Test Lab (CTL) gives open-source projects a way to analyze their code. Besides helping developers, end-users will be able to use CTL to help prevent poorly-built binaries from going into production.

Want to know more? You can attend Red Team meetups either in person or via Google Hangout, subscribe to its mailing list, and check out its projects on GitHub.

These are the worst hacks, cyberattacks, and data breaches of 2018

Related Stories:


The open source jobs are out there
Two mature business people congratulate a young professional.

The open source jobs are out there

Blind trust in open source security is hurting us: Report
Brian Behlendorf, OpenSSF General Manager

Blind trust in open source security is hurting us: Report

Google looks to reduce pushback bias in developers' software code review
close up programmer man hand typing on keyboard at computer desktop for input coding language to software for fix bug and defect of system in operation room , technology concept

Google looks to reduce pushback bias in developers' software code review