In the world of cybersecurity, knowledge and collaboration are paramount. It is a domain where information sharing and staying ahead of emerging threats can mean the difference between a secure digital environment and a data breach. The Thread project, initiated by Arachne Digital, is a testament to the power of open source communities in enhancing cyber threat intelligence (CTI).
In this blog post, we will first delve into what Thread is all about. Next, we will detail the pillars of the open source community Arachne Digital is building around it. Finally, we will highlight the profound importance of being a part of open source communities in today’s interconnected digital landscape.
The traditional landscape of CTI has long been plagued by inherent shortcomings. Historically, CTI collection has often been either an afterthought, a byproduct of security tools with a large install base that generate telemetry (such as antivirus), or a manual, labour-intensive process. This approach often results in intelligence purely in the form of feeds of indicators of compromise (IoCs) or dense intelligence reports. The former often lack the crucial context needed for effective threat mitigation and offer only a narrow view of the threat landscape, and the latter are often hard to act on. Compounding the issue, many CTI feeds are aggregated and resold, leading to a proliferation of poor-quality data.
For an overview of the difference between strategic, operational, and tactical threat intelligence, check out this amazing presentation by Katie Nickels.
The real value in CTI lies in its ability to provide a three-dimensional perspective. First, strategic intelligence to understand who is targeting you; second, operational intelligence to decipher how you are being targeted; and last, tactical intelligence to identify specific indicators of an attack. This comprehensive approach is vital in enabling organisations to not only react to threats but proactively anticipate and thwart them, making it an indispensable element of modern cybersecurity strategy.
One way of leveraging cyber threat intelligence effectively involves sifting through data to discern which adversaries are specifically targeting your industry within your geographic region. Once identified, their Tactics, Techniques, and Procedures (TTPs) also need to be identified. This knowledge of relevant offensive tactics is mapped to controls to form a prioritised control list for detecting and mitigating potential threats.
That can be a difficult process, which is why we are building a community around Thread, our first intelligence analyst tool, forked from the original MITRE ATT&CK TRAM project. Thread accelerates the research process, providing quick access to relevant threat intelligence data. With Thread’s capabilities, organisations can swiftly identify their adversaries, study their TTPs, and translate this insight into a prioritised set of controls. This enables more proactive and effective cybersecurity measures tailored to their unique threat landscape.
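The prioritisation described above, sketched as an added example that is not part of the original post and is not Thread's code. The adversary names, their sectors and regions, and the technique-to-control mapping are constructed sample data; the technique IDs follow MITRE ATT&CK numbering.

```python
from collections import defaultdict

# Constructed sample data: group names, sectors, regions and observed
# techniques are illustrative, not real intelligence.
ADVERSARIES = [
    {"name": "GROUP-A", "sectors": {"finance"}, "regions": {"APAC"},
     "ttps": {"T1566", "T1078", "T1059", "T1021"}},
    {"name": "GROUP-B", "sectors": {"finance", "health"}, "regions": {"APAC", "EMEA"},
     "ttps": {"T1566", "T1190", "T1486"}},
    {"name": "GROUP-C", "sectors": {"energy"}, "regions": {"EMEA"},
     "ttps": {"T1190", "T1078"}},
]

# Technique -> controls (simplified, assumed mapping; T1021 is left unmapped on purpose).
CONTROLS = {
    "T1566": ["User training", "Email filtering"],       # Phishing
    "T1078": ["Multi-factor authentication"],            # Valid Accounts
    "T1059": ["Execution prevention"],                   # Command and Scripting Interpreter
    "T1190": ["Patch management", "Network segmentation"],  # Exploit Public-Facing Application
    "T1486": ["Data backup"],                            # Data Encrypted for Impact
}

def relevant_adversaries(sector, region):
    """Step 1: keep only groups that target this sector in this region."""
    return [a for a in ADVERSARIES if sector in a["sectors"] and region in a["regions"]]

def prioritised_controls(sector, region):
    """Steps 2-3: collect the groups' TTPs, map them to controls, rank the controls."""
    groups, ttps = defaultdict(set), defaultdict(set)
    gaps = set()  # techniques seen in the intelligence with no mapped control
    for adv in relevant_adversaries(sector, region):
        for ttp in adv["ttps"]:
            if ttp not in CONTROLS:
                gaps.add(ttp)
                continue
            for control in CONTROLS[ttp]:
                groups[control].add(adv["name"])
                ttps[control].add(ttp)
    # Rank by number of relevant groups countered, then techniques covered, then name.
    ranked = sorted(groups, key=lambda c: (-len(groups[c]), -len(ttps[c]), c))
    return [(c, len(groups[c]), sorted(ttps[c])) for c in ranked], sorted(gaps)

if __name__ == "__main__":
    ranked, gaps = prioritised_controls("finance", "APAC")
    for control, score, covered in ranked:
        print(f"{score} group(s)  {control:<28} covers {', '.join(covered)}")
    print("No mapped control for:", ", ".join(gaps) or "none")
```

Techniques returned in the second list are coverage gaps: they appear in the relevant adversaries' behaviour but no control in the mapping addresses them.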
Cybersecurity has a great deal of open source software to draw on, but not a lot of it is backed by companies that sustain the development. Plus, there is a lot of proprietary security tooling out there. Why would Arachne Digital open source Thread?
Thread comes from an open source project, and thus bears the same open source licence. Beyond that, open sourcing software provides multiple benefits. Firstly, open source software promotes inclusivity and accessibility, allowing a diverse range of individuals, organisations, and countries to leverage and adapt technology to their specific needs. This democratisation of software leads to innovation and economic growth by reducing barriers to entry for entrepreneurs and developers. Moreover, open source software enhances cybersecurity by enabling constant scrutiny and collaboration from a global community of experts, making it more secure and less vulnerable to cyber threats.
When most software is open sourced, the code is posted online, an open source licence is slapped on it, and that is it. Arachne Digital wants to do a little more than that. We are leveraging the best practice released by Mozilla for their Open Leaders Program and GitHub for their Building Communities documentation.
The best practice covers all aspects of the project, right through to in person and online events. For this blog post, we want to look at the community documentation framework we have built to help people orientate and contribute to the Thread project.
The Thread README serves as the gateway to our vibrant open source community, offering a comprehensive introduction to our project’s mission and goals. It is the first stop for newcomers, providing a high-level overview of Thread and its dedication to enhancing cyber threat intelligence. Through the README, prospective contributors can quickly grasp what we are all about and how they can join us on this exciting journey. As a framework, the README sets the tone for our other community documentation, serving as a starting point for contributors to navigate and engage with our project effectively.
The Thread community has adopted the Contributor Covenant, helping to ensure that participation is a harassment-free experience for everyone. It emphasises empathy, respect, transparency, and inclusivity. This commitment to a healthy and respectful community sets the tone for productive collaboration.
The Thread contribution guidelines are the compass that steers our community of contributors toward successful collaboration. They provide a clear roadmap for individuals with diverse skills and backgrounds to join our open-source initiative. These guidelines empower potential contributors with the knowledge they need to make meaningful technical and non-technical contributions to Thread. From coding standards to issue tracking, bug handling, and feature requests, these guidelines offer a structured path for participation. More than just rules, they are a testament to our commitment to an inclusive and supportive community where every contribution, big or small, plays a vital role.
Something we are excited about is providing incentives.
There are the normal open source incentives. Firstly, the opportunity to build and showcase one’s skills and expertise is a significant motivator. Contributing to open source allows individuals to work on real-world projects, gaining practical experience and a tangible portfolio.
Secondly, the sense of community and belonging is crucial. Open source projects often bring together like-minded individuals passionate about a common cause, creating a supportive network for learning and growth. Recognition and acknowledgment, such as through a contributor hall of fame or commit credits, provide a sense of achievement and appreciation for one’s contributions. Moreover, the open nature of open source fosters transparency and trust, making it an attractive environment for contributors.
Finally, the broader impact of open source on society, from democratising technology to advancing global knowledge, appeals to those who want to make a meaningful difference. In essence, these aspects not only empower individuals to contribute but also sustain the vibrant ecosystem of open source, where collaboration and innovation know no bounds.
We are also taking our lead from the Django project and others by creating an Author’s file. It is where we give credit where credit is due — to the talented individuals who have contributed their time, expertise, and creativity to Thread. This file is a celebration of the diverse range of professionals and enthusiasts who have come together to enhance cybersecurity and cyber threat intelligence.
As Arachne is a for-profit company, we also want to build pathways for people to be monetarily reimbursed for contributions, or to come on as staff members. We will continue to experiment and adjust in this space to find what works best for the community.
As we navigate the ever-evolving landscape of cybersecurity, the importance of open source communities cannot be overstated. They are hubs of knowledge, inclusivity, empowerment, and purpose. Whether you are a seasoned professional or a newcomer to the field, getting involved in open source projects like Thread can be a transformative journey. By working together, we can build a safer and more secure digital world for all.
“As a premier cyber security provider, Fortian is dedicated to delivering industry-leading security solutions to our clients. Arachne Digital’s cyber threat intelligence (CTI) plays a critical role in our 24×7 Managed Security Services, empowering us to stay ahead of evolving threats and safeguard our clients’ digital assets.
Arachne Digital’s timely and actionable CTI provides us with relevant indicators that are seamlessly integrated into our security tools and processes. This integration enhances our ability to monitor, detect, and respond to threats in real-time and improves the efficiency of our threat hunting and incident response processes.
Fortian is proud to partner with Arachne Digital, and we look forward to continuing our collaboration to protect our clients against the ever-evolving cyber threat landscape.”
Arachne Digital is proud to partner with the DISARM Foundation as the inaugural member of their Partner Programme, launched at the beginning of 2024.
This partnership is crucial in supporting the DISARM Foundation’s mission to maintain and enhance the DISARM Framework, ensuring it remains a free and continuously updated resource in the fight against disinformation.
Through our collaboration, Arachne Digital provides valuable feedback, promotes the integration of the framework into our operations, and encourages wider adoption within the defender community. This partnership highlights our commitment to combating evolving threats and fostering a secure digital environment.