Androguard and Cuckoo Sandbox's vision and active community of contributors and users set them apart from the other entrants. The projects were selected for the first round of Magnificent7 sponsorships due to their innovative approach to traditional and mobile-based malware analysis. According to the recent Verizon Breach Report1, malware was involved in 69% of breaches in 2011, making its mitigation a huge priority for security professionals.
"The open source community plays a vital role in the creation of innovative solutions to address the increasingly complex security challenge we all face," said HD Moore, chief security officer of Rapid7 and chief architect of the Metasploit open source project. "Projects like Androguard and Cuckoo Sandbox are using cutting edge technologies to solve once unsolvable problems. With the backing of Rapid7, they will now have the financial, marketing and technical resources available to continue to deliver solutions that address real, critical problems."
The open source projects being supported in the first round of Rapid7's Magnificent7 program are:
Androguard, the work of Anthony Desnos and Geoffroy Gueguen, is an advanced tool for the analysis of mobile malware that attacks Android platforms or as Desnos likes to describe it, "a native decompiler of Android applications." Androguard employs a specialized static environment for analysis via the Google Summer of Code-sponsored DroidBox, for which Desnos was a mentor. With the help of the Magnificent7 Program, the Androguard team plans to solidify the reverse engineering sessions, including the integration and amelioration of DroidBox, as well as supporting ARM libraries for analysis. In addition, they aim to create a Graphical User Interface to enhance the user experience.
"Mobile malware is a rapidly growing problem and we're developing Androguard to help defend the most attacked mobile operating system by pulling, analyzing and mitigating Android malware,' said Anthony Desnos, core developer of Androguard. "Working with Rapid7 not only gives us the financial support we need to meet our next round of key developments, it also gives us access to great technical resources to help us develop our vision and strategy for the product."
Cuckoo Sandbox is an application that provides a virtual sandbox for the automatic analysis of malware specimens. Originally developed by Claudio Guarnieri for the Google Summer of Code, the project became so popular it is now a mainstay of the Honeynet Project, a leading international research institution with a special focus on malware. The platform allows for the automatic capture and advanced analysis of dangerous strains of malware in a contained environment. Working with Rapid7 will enable Cuckoo Sandbox to increase its ability to adapt to the user's needs through configurable modules, as well as extending the virtualization capabilities, which include self-protection from the malware specimens.
"The vision of Cuckoo Sandbox is to provide an open source and customizable means of analyzing malware in a safe environment," said Claudio Guarnieri, creator of Cuckoo Sandbox. "Giving the masses an opportunity to dive deep into what kinds of malware are attacking their systems will raise the bar on network security. The Magnificent7 Program will help us develop our marketing and awareness strategies to reach a broader audience and create a more iterative feedback program with our customers. This will help us build the functionality on the technical side to truly address our customers' needs."
If you have an innovative open source project that addresses a problem in the security space, Rapid7 would like to hear from you! Please visithttps://community.rapid7.com/community/open_source/magnificent7 for details on the submission process.
Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 2,000 enterprises and government agencies in more than 65 countries worldwide, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a “Top Place to Work” by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.