Companies frequently like to teach the virtues of online security through Capture the Flag competitions, where you’re encouraged to both create hacks and protect against them. Developing those competitions isn’t always easy. However, Facebook is giving trainers an upper hand: it’s open sourcing the code for its own CTF platform, letting anyone host a similar cybersecurity challenge or build on what Facebook has learned. The move should be particularly useful for companies and schools that want to demonstrate the importance of closing security holes and otherwise running a tight ship — you can’t afford sloppy code if you want to win.
It’s no surprise that Facebook would do this when it has a habit of open sourcing anything that isn’t a vital company secret, but it’s still welcome. Also, it’s a very pragmatic move for the company. The more people are participating in CTF games, the more the industry is well-versed in practical security. That, in turn, could both reduce the number of vulnerabilities that affect Facebook as well as let it hire from a more knowledgeable pool of security gurus.