Meta Tech Podcast29 Juni 2023

53: Offensive security at Meta's Red Team X

Red Team X is a security team at Meta that is responsible for finding and exploiting vulnerabilities in third-party products that could impact Meta's own security. The team acts as a hybrid between a traditional red team, which focuses on probing their own organisation's systems and products for vulnerabilities, and an elite bug-hunting group.

The team was founded by Vlad I. in 2020 when the pandemic and the sudden shift to Work From Home challenged various previously-held assumptions about security.

In his discussion with Pascal, Vlad explains the roles of different security teams within Meta, how they go about prioritising the highest-impact targets to exploit and how they work with vendors to ensure not just Meta but the entire world benefits from the fixes produced.

Got feedback? Send it to us on Twitter (https://twitter.com/metatechpod), Instagram (https://instagram.com/metatechpod) and don't forget to follow our host @passy (https://twitter.com/passy and https://mastodon.social/@passy). Fancy working with us? Check out https://www.metacareers.com/.

Links:

The Diff episode about Velox: https://thediffpodcast.com/docs/episode-17
Risky Business Podcast: https://risky.biz/
RTX Blog: https://rtx.meta.security
RTX Disclosures: https://rtx.meta.security/bugs
RTX in WIRED: https://www.wired.com/story/facebook-red-team-x-vulnerabilities/

Timestamps:

Intro 0:06
Vlad Intro 1:55
Red Teaming 2:43
Staying up-to-date 6:34
Different team colours 10:02
Defence-in-depth 12:44
Red Team X 15:57
Hardware v Software 19:43
Focus areas 21:29
Prioritising requests 22:44
Notable RTX Disclosures 26:05
Vulnerability disclosure policy 28:52
Getting into offensive security 38:48
Outro 40:51

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(91)

85: Reel Friends: Building Social Discovery that Scales to Billions

You've probably spotted those little circles of your friends' faces popping up on Facebook Reels. They look simple enough, but building them was a proper engineering challenge. In this episode, Pascal...

8 Maj 38min

84: Trust But Canary: Configuration Safety at Scale

Have you ever wondered how Meta makes config rollouts safe at scale? In this episode, Pascal sits down with Ishwari and Joe to discuss Meta's approach for propagating changes across services in second...

2 Apr 37min

83: Patch Me If You Can: AI Codemods for Secure-by-Default Android Apps

At Meta, even seemingly simple engineering tasks—like updating an API—become monumental undertakings when you're dealing with millions of lines of code and thousands of engineers, especially if the ch...

27 Feb 47min

82: CSS at Scale with StyleX

It's not just Not Invented Here Syndrome. Some technologies like CSS simply don't scale if you're building some of the largest websites on the planet with thousands of engineers committing to the same...

8 Jan 44min

81: From Zero to Polish: Building Meta Ray-Ban Display

You've likely heard of Meta Ray-Ban Display by now — but what's it actually like to work on it? In this episode, Pascal talks to Kenan and Emanuel about the exciting features of Meta's First-Gen Displ...

12 Dec 202547min

80: Lowering emissions with the Open Compute Project

In this episode, Pascal talks to Dharmesh J. (DJ) and Lisa about the vision for the open, scalable future of networking hardware for AI and to break down Meta's big announcements from the 2025 Open Co...

14 Nov 202538min

79: Building Android apps in Meta's monorepository with Buck2

How do you keep Android build times under control when your codebase spans tens of thousands of modules and millions of lines of Kotlin? In this episode, Pascal talks with Iveta, Navid, and Joshua fro...

10 Okt 202537min

78: Generating 3D Worlds with AI

Creating 3D assets can be daunting, but does it have to be? Mahima and Rakesh are on a quest to democratize 3D content creation with AssetGen, a foundation model for 3D. They discuss the challenges of...

19 Sep 202536min