As great as it is, osquery could be a whole lot better. (Think write access for extensions, triggered responses upon detection, and even better performance, reliability and ease of use.)
Facebook’s small osquery team can’t respond to every request for enhancement. That’s understandable. They have their hands full with managing the osquery community, reviewing PRs, and ensuring the security of the world’s largest social network. It’s up to the community to move the osquery platform forward.
Good news: none of these feature requests are infeasible. The custom engineering is just uneconomical for individual organizations to bankroll.
We propose a strategy for osquery users to share the cost of development. Participating companies could pool resources and collectively target specific features. This would accelerate the depreciation of other full-suite tools that are more expensive, less flexible and less transparent.
It’s the only way to make real progress quickly. Otherwise, projects rely solely on the charity and coordination of their contributors.
Can an open-source tool replace commercial solutions?
We think that open-source security solutions are inherently better. They’re transparent. They’re more flexible. Their costs are tied closely to the value you get, not just access. Finally, each investment in the tool increases the advantages for current users and increases the number of users who can access those advantages.
However, in order to compete with their commercial counterparts, open source projects need implementation support and development support. The former is basically the ability to “set it and forget it.” The latter ensures the absence of show-stopping bugs and the regular addition of new required features.
Companies like Kolide and Uptycs provide user-friendly support for deployment.
For development support, you can now hire us.
Announcing the Trail of Bits osquery support group
We’re offering two ‘flavors’ of support plans: one for year-round assurance, the other for custom development.
12-month assurance plan
Think of this like an all-you-can-eat buffet for critical features and fixes. Any time you need a bug fixed or a feature added, just file a ticket with us. This option’s great for root-cause and fix issues, the development of new tables and extensions, or the redesign of parts of osquery’s core. Basically, the stuff that is holding you back from cancelling those expensive monthly contracts with the proprietary vendors.
This plan’s for you if you need one-off help with a big-time osquery change. Perhaps: ports to new platforms, non-core features, or forks.
Regardless of the plan you choose, you’ll get:
- Access to a private Trail of Bits Slack channel for direct access to our engineers
- The opportunity to participate in a bi-weekly iteration planning meeting for collaborative feature ideation, problem-solving, and feature prioritization
- A private GitHub repository with issue tracker for visibility and influence over what features are worked on
- Special access to and support for our osquery extensions
- Early access to all software increments
Whether you’re a long-time osquery user with a list of feature requests, or part of a team that has been holding out for osquery’s feature-parity with commercial tools, this may be the opportunity you’ve been waiting for. As a member, you’ll gain multiple benefits: confidence that there aren’t any show-stopping bugs; direct access to our team of world-class engineers, many of whom have been doing this exact work since we ported osquery to Windows; peace of mind that your internal engineers won’t spend any more time on issues with osquery; and the chance to drive osquery’s product direction while leaving the heavy lifting to us.
Want in? Let us know.