A few minutes ago, The Linux Foundation has reported of the birth of the Red Team Project, a project that will incubate cybersecurity tools open source to support range automation, uPentesting capabilities in containers, quantification of binary risk and validation and advancement of standards. The goal of Red Team Project is to make open source software even more secure when we use it. They will use the same technique, tools and procedures used by malicious users, but in a constructive way to provide Feedback and help make open source projects more secure.
Google's Jason Callaway describes the Red Team Project and his history with Fedora Red Team SIG by explaining how he created Fedora Red Team with some Red Hat colleagues at Def Con 25. They had some mapping tools they wanted to build and was inspired by the project. Cyber ITL by Mudge and Sarah Zatko. Callaway's idea was to implement his methodology in a open source project.
Red Team Project takes its first steps
The first thing they have to do is take everything to GitHub, prepare a web page and appear on social media, such as Twitter or Facebook. And something more important still, start working with the codes. Right now they are still forming a technical steering committee, so we could say that the Red Team Project was born, but is taking its first steps or has yet to learn to walk before running.
Jason says the open source is important mainly because you think it's the right way to do things. Cybersecurity is a global problem that can hurt people, businesses, and governments, so they want to make open source more secure. Callaway says there are many colleagues working on it and that they are working shoulder to shoulder with tech giants. He doesn't mention who, but they've probably talked to companies like Google (he's a client engineer for the search engine's company), Apple, Microsoft, or why not, Canonical.
The arrival of the Red Team Project cannot be anything other than good news. As we have explained, what they will do is attack known systems to find bugs, but will not exploit themrather, they will inform their developers. In this way, a malicious user will see how the doors are closed and will not be able to compromise our security, or that is the idea.
What do you think of the arrival of the Red Team Project to make open source software more secure?