Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cybersecurity and secure coding practices.
The CTF program is an effective way of identifying young people with exceptional computer skills, as well as teaching beginners about common and advanced exploitation techniques to ensure they develop secure programs that cannot be easily compromised.
Gulshan Singh, a software engineer on Facebook’s threat infrastructure team, said that one of the reasons he was successful in gaining employment in his chosen field was his experience competing in CTFs at the University of Michigan. It “exposed me to a fun and practical side of security that I didn’t get in class,” he explained. “I learned about RSA encryption in my computer science courses, but CTFs taught me how to break it when it wasn’t properly implemented, which happens all the time in the real world. It’s a lot of fun to learn this offensive side of security, but at the same time learning about these flaws makes you a better defender, as well.”
Facebook is no stranger to open-sourcing its in-house programs and has more than 200 projects on GitHub alone. Last year it open-sourced Infer, a code-verification tool that squishes bugs in mobile apps. And in 2016, it has continued this trend by open-sourcing a number of additional tools.
So why, exactly, does Facebook choose to make some of its technology available to everyone?
Last year, the company’s head of open source, James Pearce, explained why it seeks to align itself with the developer community through open-sourcing, and it boils down to three things. The first is ideology — Facebook was built by Mark Zuckerberg using open-source tools. Second is innovation — it can help achieve scale much faster when many minds are working on the same problems. And finally, it’s good for business — Facebook can “build better software, write better code, our engineers are able to work with more pride, and we’re able to retain the world’s best engineers because they know they can open-source their work,” said Pearce.
Facebook has another reason for open-sourcing CTF: The cybersecurity industry will reportedly be short by 1.5 million people by 2020, so it’s in the company’s interests to encourage science and technology students to follow a path into this field. By making CTF open-source, anyone from schools to universities to companies can host their own competitions and conferences to help teach computer science and aspects of security, including forensics, reverse-engineering, and cryptography.
“Although news reports about security bugs are now commonplace, it’s not always obvious how people find these flaws and how you can develop the skills needed to find and protect against malicious exploits,” added Singh. “CTFs provide a safe and legal way to try your hand at hacking challenges.”