Rapid7 Announces First Two Winners Of Its Magnificent 7 Awards

First two open source projects to share in 100k award announced

Last August I wrote about a new initiative by security vendor Rapid7 called the Magnificent 7. The makers of the Nexpose vulnerability management program and Metasploit, the leading penetration testing tool, were setting aside 100k to support 7 open source projects chosen by Rapid7. Well, submissions have been made, and Rapid7 has carefully reviewed the applicants and announced the first two winners of the Magnificent 7 program.

The first two winners are Androguard and Cuckoo Sandbox. In addition to the financial awards that come with selection, the winners also gain access to technical, business and marketing expertise and mentors from Rapid7.

Both Androguard and Cuckoo Sandbox play in the anti-malware analysis arena. Androguard was developed by Anthony Desnos and Geoffroy Gueguen and is:

... an advanced tool for the analysis of mobile malware that attacks Android platforms or as Desnos likes to describe it, "a native decompiler of Android applications." Androguard employs a specialized static environment for analysis via the Google Summer of Code-sponsored DroidBox, for which Desnos was a mentor. With the help of the Magnificent7 Program, the Androguard team plans to solidify the reverse engineering sessions, including the integration and amelioration of DroidBox, as well as supporting ARM libraries for analysis. In addition, they aim to create a Graphical User Interface to enhance the user experience.

"Mobile malware is a rapidly growing problem and we're developing Androguard to help defend the most attacked mobile operating system by pulling, analyzing and mitigating Android malware," said Anthony Desnos, core developer of Androguard. "Working with Rapid7 not only gives us the financial support we need to meet our next round of key developments, it also gives us access to great technical resources to help us develop our vision and strategy for the product."

Cuckoo Sandbox sets up a virtual sandbox in which analysts can look at malware code without infecting their own machines. Like Androguard, it was developed for the Google Summer of Code, in this case by Claudio Guarnieri, and it became so popular that it was "adopted" by the Honeynet Project.

"The vision of Cuckoo Sandbox is to provide an open source and customizable means of analyzing malware in a safe environment," said Claudio Guarnieri, creator of Cuckoo Sandbox. "Giving the masses an opportunity to dive deep into what kinds of malware are attacking their systems will raise the bar on network security. The Magnificent7 Program will help us develop our marketing and awareness strategies to reach a broader audience and create a more iterative feedback program with our customers. This will help us build the functionality on the technical side to truly address our customers' needs."

Congratulations to both of these open source projects and their creators. It is also a testament to Google's Summer of Code that both of these winners were spawned as part of that project. Congratulations as well to Rapid7 on selecting the first two projects and bringing the Magnificent 7 to reality, and a big congratulations to my friend HD Moore for shepherding this project.

I will be speaking to the folks at Rapid7 shortly and will have a follow-up on when we might see other Magnificent 7 winners announced. In the meantime, they are still considering applicants. If you know of a worthy open source security-related project, you can find out more about how to submit at https://community.rapid7.com/community/open_source/magnificent7.


Copyright © 2012 IDG Communications, Inc.
