Security threats are everywhere on the Internet, but Facebook aims to change that with its new ThreatExchange, a platform for security professionals (and anyone else, I guess) to exchange information on security threats.
Even though there are already centralized repositories of security information, like the Internet Storm Center and the Common Vulnerabilities and Exposures list, Facebook's ThreatExchange promises to be a way for security-type folks to interact with each other more directly.
A Facebook for Nerds (Moreso)
"So it's a bulletin board," you're saying. Yeah, basically. Security professionals can interact with each other, and other security people of their choosing, in a Facebook-like environment. Facebook also provides a separate framework called ThreatData, for storing security threat information, including file hashes, samples of infected files, and metadata about the threats themselves.
ThreatExchange isn't terribly Facebook-related; it just so happens that Facebook volunteered to build a platform that other tech companies agreed was necessary for the sharing of information. Interested parties can sign up for the beta (which isn't open to the public yet) by saying that they either need threat data or have threat data to share.
The fact that Facebook built ThreatExchange on its own platform at least means it has a familiar interface. According to Mark Hammell, Facebook's Manager of the Threat Infrastructure Team (and not a Jedi), the privacy settings are pretty malleable, so one organization can talk only to another organization about a particular security problem.
Let's Talk About Security
Should we talk openly about security? Absolutely. It does no one any good to hide exploits. "Security through obscurity" just isn't a viable way to prevent breaches; someone is going to find your vulnerability, and the only question is when. Besides, people who have already exploited a vulnerability know about it.
It's the same reason why open-source software is more secure than proprietary software: With more eyes looking at the code, it's more likely that bugs and security holes will be caught. Proprietary software, on the other hand, restricts access to the code to only a few people who may not catch everything. Again, security through obscurity only works if other people can't find vulnerabilities (which, of course, they can). Everyone's security is improved if we can openly talk about security.