The Thread Open Canvas

What is an Open Canvas?

Open Canvas is a strategic planning tool designed to refine and crystallise project ideas, particularly in community-driven and collaborative contexts. Adapted from the Lean Canvas, a format commonly used for startup business projects, Open Canvas is uniquely tailored for projects driven by community participation and volunteer contributions, aligning with the core principles of working open.

An Open Canvas is a one-page template with essential project details, considering both a project's product aspects and its community dynamics. This tool serves as a bridge between a project vision and a concrete plan, fostering clarity and resource alignment.

The Open Canvas concept was developed by Abby Cabunoc Mayes as part of the Mozilla Open Leaders Programme.

You can see the Open Canvas templates here and here.

Alternatively, if you just want to get an understanding of how the information in this document flows, here is a diagram:

image

Problem

  • Sections: Product

The top three problems Thread is trying to solve.

  1. Efficient cyber threat intelligence (CTI) mapping: Traditional threat intelligence mapping is labour-intensive and time-consuming, requiring cybersecurity analysts to manually identify tactics, techniques, and procedures (TTPs) in reports and articles. This inefficiency can lead to delays in threat detection and response.
  2. Empowering informed cybersecurity defences: Many existing threat intelligence feeds lack transparency and provide data that may be inaccurate or outdated. This poses a challenge for security professionals who rely on this information to fortify their cybersecurity defences.
  3. Fostering collaborative open source cybersecurity: The cybersecurity community benefits from open source tools and knowledge sharing. However, the lack of accessible, open-source threat intelligence tools can hinder collaboration among security analysts and researchers.

Solution

  • Sections: Product

The proposed solutions to the above problems.

  1. Efficient CTI mapping: Thread streamlines the mapping process, automating the identification of TTPs in cybersecurity reports and articles. By leveraging machine learning, Thread accelerates this task, enabling analysts to swiftly pinpoint TTPs mentioned in threat intelligence sources, thereby expediting threat detection and response.
  2. Empowering informed cybersecurity defences: Thread empowers security professionals by allowing them to conduct their own research and access up-to-date, actionable threat data. This self-reliance ensures that cybersecurity defences are built on accurate, real-time insights, addressing the limitations of opaque and potentially unreliable threat intelligence sources. There is also a paid service if groups want Arachne Digital to do the research for them.
  3. Fostering collaborative open source cybersecurity: Thread actively promotes open source cybersecurity research and collaboration. As a free, open-source tool, it encourages security experts to work together, refine threat intelligence, and enhance the collective security landscape. Thread's commitment to citing original sources and facilitating knowledge sharing supports a thriving community dedicated to strengthening defences against evolving cyber threats.

Key metrics

  • Sections: Product

How success is measured.

For efficient CTI mapping:

  • Reduction in mapping time: Measure the percentage decrease in the time required to map TTPs in cybersecurity reports and articles compared to manual mapping.
  • Accuracy of TTP mapping: Assess the accuracy of TTP mapping by monitoring the percentage of correctly identified TTPs.
  • User satisfaction: Gather user feedback to gauge satisfaction with the efficiency and effectiveness of Thread in mapping TTPs.

For empowering informed cybersecurity defences:

  • User-generated threat data: Track the volume of user-generated threat data, including reports and findings created using Thread.
  • Data validation: Measure the number of instances where Thread's user-generated threat data validates or refines existing threat intelligence.
  • Reduction in reliance on traditional feeds: Assess the decrease in reliance on traditional threat intelligence feeds among Thread users.
  • Real-world impact: Monitor the documented cases where informed cybersecurity defences based on Thread-contributed insights led to successful threat detection or mitigation.

For fostering collaborative open source cybersecurity:

  • Community engagement: Measure the growth of the Thread user community, including the number of active contributors and participants in discussions.
  • Knowledge sharing: Monitor the volume of cybersecurity knowledge sharing within the Thread community, including the creation of resources, tutorials, and contributions to threat intelligence.
  • Tool enhancement: Track the number of improvements, updates, or contributions made to Thread by the open-source community.
  • Impact on collective defence: Assess documented cases where the collaborative efforts within the Thread community have enhanced the overall cybersecurity posture and collective defence against cyber threats.

Resources required

  • Sections: Product and project execution

What Thread needs to be successful. Some of these resources are supplied by Arachne Digital, but contributions are also sought from the Thread community.

Design:

  • UI/UX design: User interface and user experience design to create an intuitive and user-friendly interface for Thread.
  • Branding and identity: Development of branding elements such as logos, icons, and visual assets to represent Thread.

Development:

  • Software development: People skilled in, or willing to learn, the programming languages, frameworks, and tools required to build and maintain Thread's software components.
  • Machine learning: People skilled in, or willing to learn, machine learning to develop and refine the models used for threat intelligence mapping.
  • Data management: Resources to manage and maintain the data and databases used by Thread for analysis and reporting.
  • Security expertise: People skilled in, or willing to learn, cybersecurity to ensure the security of Thread's infrastructure and data.
  • Quality assurance: People skilled in, or willing to learn, the QA process to identify and address software bugs and issues.
  • Continuous integration/continuous deployment (CI/CD): Tools and processes to automate software testing, integration, and deployment.

Community building:

  • Community managers: People skilled in, or willing to learn, how to foster a collaborative and engaged community around Thread.
  • Community moderation: Moderators to ensure that discussions and contributions align with community guidelines.
  • Documentation and tutorials: People skilled in, or willing to learn, how to create documentation, tutorials, and guides for Thread users and contributors.

Infrastructure and hardware:

  • Server infrastructure: Hardware and cloud resources to host and run the web version of Thread's services and databases.
  • Backup and data recovery: Systems and procedures for data backup and recovery to prevent data loss.
  • Scalability: Resources to scale infrastructure and accommodate growing user and data volumes.

Other costs:

  • Legal and licensing: Legal expertise to handle licensing, compliance, and intellectual property matters for open-source software.
  • Marketing and outreach: Budget for marketing and outreach activities to promote Thread and attract contributors.
  • Events and workshops: Hosting events, workshops, or webinars to engage with the community and provide training.
  • Maintenance and support: Ongoing maintenance, updates, and user support services.
  • Open source contributions: Resources allocated to support and contribute to other open-source projects used by Thread.

Contributor profiles

  • Sections: Project execution and community

The different types of contributors that the Thread community is looking for.

  • Software Developers: Contributors that either have expertise in, or are willing to learn, programming languages (e.g., Python, JavaScript) and frameworks used in Thread's software development. They work on coding, implementing new features, fixing bugs, and optimising the software.
  • Machine Learning Specialists: Contributors that either have expertise in, or are willing to learn, machine learning and natural language processing (NLP) to contribute to improving Thread's prediction models. They refine algorithms to enhance the accuracy of mapping tactics, techniques, and procedures (TTPs).
  • Cybersecurity Analysts: Contributors that either have expertise in, or are willing to learn, cybersecurity, with a passion for threat intelligence and the MITRE ATT&CK® framework. They review and validate TTP mappings, ensuring that threat data is precise and relevant.
  • UI/UX Designers: Contributors that either have expertise in, or are willing to learn, design to improve Thread's user interface and user experience. They enhance the platform's usability, making it more intuitive for users.
  • Quality Assurance Testers: Contributors that either have expertise in, or are willing to learn, the QA tester role to help identify and report software bugs and issues. They help maintain the quality and reliability of Thread's codebase.
  • Technical Writers: Contributors that either have expertise in, or are willing to learn, technical writing to create documentation, tutorials, and guides to support Thread users and contributors. They ensure that information is accessible and well-documented.

Contribution types:

  • Code Contributions: Ideal for contributors interested in software development, this involves writing, testing, and submitting code changes to enhance Thread's functionality. Contributions may include implementing new features, optimising algorithms, and resolving issues.
  • Machine learning model enhancement: Contributors interested in machine learning can contribute by fine-tuning prediction models to improve TTP mapping accuracy. This helps Thread provide more reliable threat intelligence.
  • TTP validation and review: Cybersecurity enthusiasts review TTP mappings generated by Thread's models. They validate and refine mappings, ensuring the quality of threat intelligence.
  • UI/UX improvements: Contributors interested in UI/UX work on improving Thread's user interface and overall user experience. Their contributions focus on making the platform user-friendly.
  • Documentation and guides: Contributors interested in technical writing create and update documentation, tutorials, and guides for Thread. They help users and contributors understand how to use and contribute to the platform effectively.
  • Bug reports and testing: QA testers and other contributors can report and verify software bugs. Identifying and addressing issues is essential for maintaining Thread's reliability.

Ideal contributors:

  • Passion for cybersecurity: Ideal contributors have an interest in the field of cybersecurity, threat intelligence, and open source.
  • Collaborative mindset: They are willing to collaborate with others, share knowledge, and work together.
  • Commitment to open source: Ideal contributors believe in the principles of open source and are committed to supporting and growing an open-source community.

User profiles

  • Sections: Community

The target audience and early adopters of Thread.

Specific profiles:

  • Cybersecurity analysts and researchers: Cybersecurity professionals who seek efficient threat intelligence mapping and analysis tools. They use Thread to streamline the process of mapping tactics, techniques, and procedures (TTPs) from various sources to MITRE ATT&CK®, enhancing their threat detection and response capabilities.
  • Security operations teams: Teams responsible for monitoring and responding to security threats within organisations. They use Thread to gain actionable insights into emerging threats and adapt their security controls accordingly.
  • Threat hunters: Threat hunters proactively search for cybersecurity threats within their organisation's network. They rely on Thread to quickly analyse and map TTPs from threat intelligence reports and articles, aiding in threat identification and mitigation.
  • Open source enthusiasts: Individuals passionate about open source and cybersecurity. They contribute to Thread's open-source community, collaborating with others to improve the platform and enhance its threat intelligence capabilities.

Target audience: Thread primarily targets cybersecurity professionals and organisations seeking to enhance their threat intelligence capabilities. This includes:

  • Small to large enterprises: Organisations of varying sizes looking to bolster their cybersecurity defences and stay informed about emerging threats.
  • Cybersecurity service providers: Managed security service providers (MSSPs) and cybersecurity consulting firms seeking advanced threat intelligence tools for their clients.
  • Educational institutions: Universities and research institutions involved in cybersecurity education and research.
  • Open source communities: Enthusiasts and contributors interested in advancing open-source cybersecurity tools and research.

Early adopters: Thread's early adopters are likely to include:

  • Cybersecurity innovators: Forward-thinking cybersecurity professionals who are early adopters of new technologies and are eager to leverage Thread's capabilities to gain an advantage.
  • Security analysts at tech companies: Analysts working at technology companies focused on enhancing their threat intelligence capabilities. They recognise the value of Thread's open-source approach and contribute to its development.
  • Academic researchers: Researchers and institutions in the field of cybersecurity and threat intelligence who see Thread as a valuable tool for their studies and projects.
  • Open source contributors: Enthusiasts within the open-source community who appreciate Thread's commitment to open collaboration and contribute to its growth.

Contributor channels

  • Sections: Community

The channels for gaining contributors.

  • Open source platforms: Leveraging popular open-source platforms like GitHub and GitLab, Thread can maintain an active repository where potential contributors can discover the project, review its documentation, and collaborate with existing contributors. These platforms provide an accessible and transparent environment for open-source development.
  • Online communities: Actively participating in online communities related to cybersecurity, threat intelligence, and open-source software can help Thread connect with potential contributors. Engaging in discussions, sharing project updates, and seeking feedback from these communities can spark interest and involvement.
  • Social media: Promoting Thread on social media platforms (such as LinkedIn and Reddit) can increase its visibility within the cybersecurity and open-source communities. Sharing success stories, project milestones, and calls for contributions can attract new contributors.
  • Tech and cybersecurity events: Presenting Thread at relevant industry conferences, meetups, and webinars can introduce the project to cybersecurity professionals and enthusiasts. These events provide opportunities to network with potential contributors and share the project's vision.
  • Educational institutions: Collaborating with universities and colleges that offer cybersecurity programmes can foster academic interest in Thread. Guest lectures, workshops, or research partnerships can engage students and faculty members, potentially leading to contributions.
  • Bounties and rewards: Offering financial incentives or rewards for specific contributions or bug fixes can motivate individuals to participate. Programmes like bug bounty initiatives can attract security experts to help identify vulnerabilities and improve the project's security posture.
  • Documentation and tutorials: Providing comprehensive documentation and tutorials on how to contribute to Thread can lower the entry barrier for new contributors. Clear, step-by-step guides on setting up the development environment and making contributions can encourage participation.
  • Collaborative projects: Partnering with other open-source projects or organisations in the cybersecurity space can create cross-promotional opportunities. Collaborative initiatives can introduce Thread to new communities and potential contributors.
  • Contributor recognition: Recognising and appreciating the efforts of existing contributors can foster a sense of community and inspire others to get involved. Features like a "Contributors Hall of Fame" or regular acknowledgements in project updates can encourage ongoing contributions.
  • Hackathons and challenges: Hosting cybersecurity-themed hackathons, challenges, or coding competitions related to Thread can attract developers and security enthusiasts looking for opportunities to showcase their skills and make meaningful contributions.

User channels

  • Section: Community

The channels for gaining users.

  • Online presence: Maintain a user-friendly website that provides detailed information about Thread's features, capabilities, and benefits. Ensure that the website is optimised for search engines (SEO) to enhance its discoverability.
  • Social media: Establish and maintain active social media profiles on platforms such as LinkedIn and Reddit. Regularly share informative content, project updates, and user testimonials to engage with potential users.
  • Online communities: Participate in online forums, discussion boards, and communities related to cybersecurity, threat intelligence, and open source. Share knowledge, answer questions, and provide insights to position Thread as a valuable resource.
  • Tech blogs and publications: Collaborate with tech bloggers and cybersecurity publications to publish articles, tutorials, and case studies highlighting Thread's capabilities. Guest posts and featured articles can reach a broader audience.
  • Educational outreach: Partner with educational institutions, cybersecurity training providers, and online learning platforms to introduce Thread to students, cybersecurity professionals, and anyone interested in threat intelligence.
  • Professional networks: Attend industry conferences, webinars, and networking events to connect with potential users. Demonstrating Thread's value in these contexts can lead to adoption by organisations and individuals.
  • User testimonials: Encourage satisfied users to share their success stories and testimonials. Positive feedback from early adopters can build trust and attract others who face similar cybersecurity challenges.
  • Open source communities: Engage with other open-source projects and communities to promote Thread's capabilities. Cross-promotion within the open-source ecosystem can introduce the tool to new audiences.
  • Demonstrations and webinars: Host webinars, live demonstrations, and workshops to showcase how Thread works and how it can benefit users. Interactive sessions allow potential users to ask questions and gain hands-on experience.
  • Free resources: Offer free resources such as downloadable guides, whitepapers, and reports related to threat intelligence and cybersecurity. These resources can act as lead magnets, attracting users seeking valuable insights.
  • User onboarding: Provide user-friendly onboarding processes and tutorials within the Thread platform. Help new users understand how to make the most of the tool and its features.
  • Email campaigns: Implement email marketing campaigns to reach out to potential users who have expressed interest or subscribed to updates. Share informative content and updates to keep users engaged.
  • Feedback and support: Maintain responsive customer support channels, allowing users to seek assistance, report issues, and provide feedback. A positive support experience can enhance user retention.
  • Partnerships: Collaborate with cybersecurity organisations, threat intelligence providers, and industry associations to promote Thread as a valuable tool for enhancing cybersecurity practices.
  • Word of mouth: Encourage satisfied users to recommend Thread to their colleagues and peers. Referral programmes or incentives for user referrals can amplify word-of-mouth marketing.

Unique value proposition for Thread

  • Section: Community

Thread, your path to efficient, empowering and community-driven cyber threat intelligence (CTI).

Thread automates the laborious task of linking cybersecurity reports and articles to MITRE ATT&CK®. Say goodbye to manual, time-consuming processes. With Thread, you gain the power to swiftly and accurately identify tactics, techniques, and procedures (TTPs) buried within vast volumes of threat data.

Experience the Thread advantage:

  • Efficiency unleashed: Thread's intelligent algorithms slash mapping time, transforming hours of work into minutes. Focus on strategic insights, not data wrangling.
  • Empowerment in your hands: Take control of your threat intelligence. Thread empowers you to refine and verify threat data, ensuring your cybersecurity defences are rooted in the most accurate and up-to-date insights.
  • Community collaboration: Join an open source community committed to advancing CTI. With Thread, you are part of a network of cybersecurity experts dedicated to a safer digital world.

Choose Thread and journey towards a future where CTI is agile, collaborative, and precise. Make every cybersecurity decision with confidence.

Thread streamlines CTI, making it efficient, empowering and community-led. Know who your threats are, what they do, and when they are targeting you. Learn how to stop them. Focus your security spend on relevant controls and empower your defenders to find malicious behaviour.