Facebook slowly fine-tuning its popular ThreatExchange
Facebook’s ThreatExchange, which was unveiled this February, is apparently a hit with organizations, and they are vocal about the ways they believe it could be improved.
Fine-tuning a system like this is crucial to its effectiveness and helpfulness and, therefore, its long-term success.
Jesse Kornblum, a Software Engineer on the Threat Infrastructure team at Facebook, says that the feature that most involved organizations asked for is a way to include attribution information.
“Knowing the source of data can be instrumental for determining how to act on it,” he noted, but says that adding this information is going to be a considerable change to how things work now, so it will be implemented with the next release of the Facebook Platform API.
After explaining in detail how this change will be implemented (data for each indicators will be split into two categories: objective and subjective), he pointed out that the change will be helpful for ThreatExchange users and information sources.
“With the update in the next version, you will be able to consider information about a threat indicator and who provided that information. You can use this information in your processing, for example, to highlight data from trusted sources, or ignore data from people who have not been helpful in the past,” he noted.
“Looking ahead to the future, we are working on a feedback mechanism for the descriptors. If somebody is providing a lot of information that is unhelpful, you will be able to let them know.”