Today, Meta launched two security requests for proposals (RFPs): the 2022 Towards Trustworthy Products in AR, VR, and Smart Devices RFP and the 2022 Meta Security Research RFP.
To learn more about these RFPs, we reached out to Clyde Rodriguez, Vice President on the Security Engineering team at Meta. In this Q&A, Rodriguez tells us what his teams are focusing on in the security space at Meta, why it’s important for Meta to collaborate with academia, and what these two newest security RFPs are about.
Q: What is your role at Meta, and what do your teams do? What are your priorities for security at Meta?
CR: I serve as Head of Security at Meta, overseeing a global team of engineers focused on keeping our community safe by securing code, systems, and processes across the Meta family of apps. Since joining the company, one of my top priorities has been strengthening our layers of defense across the company. An important element of this work is continuing our longstanding history of working with external security researchers and experts. I’m excited to launch these two new RFPs and help to direct research into these important topic areas.
Q: Why is Meta Security interested in engaging outside researchers?
CR: Security is ever-evolving work as new software is written every day. Our mission is to try to stay ahead of potential risks to our platform, which requires working with our internal experts and externally with industry and security partners. Many of Meta’s engineers come from the research community and understand how critical it is that the company continuously partners with others to make the internet more secure. That’s why in addition to working with these external groups to help secure our own services, we also open source some of our internal toolings to help others. Over the past decade, Meta Security has partnered closely with open source communities to provide free access to high-quality software like static analysis tools Pysa for Python and Mariana Trench for Java.
Q: Why does Meta work with academia in the Security space? What is the goal of the partnership?
CR: By partnering with academia, our goal is to help foster innovation and support high-quality security research. Solving the world’s most complex technology challenges requires a diverse set of backgrounds and perspectives, and a deeply collaborative approach across the security industry. While we’ve made substantial investments in-house, including industry-leading work in program analysis, applied cryptography, and computer systems, we know there will always be more work to be done to reduce security risks, build more secure software and hardware, and improve the safety of cryptography. These RFPs are an opportunity for academia to take on some of the most challenging problems in the security space and help to protect the billions of users that use Meta platforms each day.
Q: Two security-related RFPs launched today. Tell us about each of them.
CR: We have been committed for years to supporting security work within the academic community. Meta is responsible for the security of billions of people that use Meta’s platforms to make the world more open and connected. We know we can’t do this alone. Both RFPs are another step in making the research community around security more connected to the problems we see in keeping people safe. Research engagement is essential to our mission to build a secure metaverse for every person on the planet.
Let’s start with the 2022 Towards Trustworthy Products in AR, VR, and Smart Devices RFP. We are always thinking several steps ahead on what the next generation of security threats and potential risk areas will look like. This is especially true for emerging technologies like augmented and virtual reality on the road to the metaverse. It’s important that we partner with external experts as we ask these larger questions around security and privacy challenges and share our findings with the broader community. This is why we started this program three years ago.
When I look at the winners of the 2020 and the winners of the 2021 RFPs, I see a great mix of ideas, including everything from secure hardware to advanced mathematics to thinking about accessibility. We want to keep that going, and we want to spread a “big tent” to bring in even more people. That’s what makes me excited to continue supporting this program in 2022.
Now, I want to turn to the 2022 Meta Security Research RFP. While this is the first year we’re doing an open call RFP with this format, we have in fact supported security research for many years. As just one example, we are proud to be a founding sponsor of the USENIX Internet Defense Prize. This is a prize administered by one of the leading research organizations in computer security. The prize is awarded to the highest-quality peer-reviewed work in the field, as judged by a jury of peers drawn from all over the world. We’re gratified that over the better part of a decade, this has become a prestigious, competitive award.
We support academic research because we know we can’t solve our problems alone. We know that the academic community is an incredible innovation engine, coming up with new ideas and bringing new people into our community. By opening a general call for proposals, we wanted to support that community, in an inclusive and open way. While we have highlighted areas that we know are problems and that we’d love to work with people on, this is our program for casting a wide net to the community.
Together, these programs represent substantial support for new research and new ideas. This is just the beginning: we see this as the starting point for building community around the hardest problems in computer security. We can’t wait to see what people come up with.
Q: Where can people stay updated and learn more?
CR: Here’s how to find the most up-to date information on the work the team is doing: