Most people think open source maintainers are technical geniuses, command-line warriors born writing C at age seven.
I wasn’t one of them.
I studied criminology. My majors were policing and international relations. I didn’t have a computer science degree, or even much coding experience when I started. But I’ve always been fascinated by one thing: decentralised communities.
Because here’s the thing they don’t teach you in Western institutions: hierarchy isn’t the only way to make things work. Decentralisation, when done right, is powerful. And open source software is one of the best examples we’ve got.
My journey started, unexpectedly, in Pune, India. I’d just missed a Mozilla event, found out about it the day after, and started emailing attendees I could find online. Just one person replied. We met up. They connected me with Mozilla, and that led to a wild ride: I became a regional coordinator, Mozilla Tech Speaker, Open Leader, MozFest helper, then a MozFest wrangler helping organise the whole festival.
That experience taught me something I’ve never forgotten: community matters more than credentials.
Meanwhile, the world was changing.
Cyberattacks from Russia, China, Iran, and North Korea were starting to hit headlines. My background in international relations suddenly felt relevant in a whole new way. I began teaching myself cybersecurity, completely from scratch. I wasn’t learning it to pass an exam. I was learning it to understand what was happening in the world.
While studying threat actors, I came across MITRE’s TRAM (a tool that maps text to MITRE ATT&CK® techniques). I also discovered Searx, a privacy-respecting metasearch engine.
And then I had a realisation:
TRAM could analyse cyber reports. Searx could collect them.
Together, they could automate part of the cyber threat intelligence process.
Except… TRAM didn’t work out of the box. I was giving a talk on APT29’s tactics, techniques and procedures (TTPs) over a 10-year period, and I had to map all the reports manually. TRAM just wasn’t ready.
I showed the idea to government teams. They liked it. But no one picked it up.
Eventually, I left my job and teamed up with a friend who could code. I said, “If you can build this pipeline, I’ll do the intel work.”
And so we built.
We forked TRAM and called our version Thread. We rewrote sections of it, updated it, added new functionality, and kept going long after the original project went dormant. MITRE later rebooted TRAM with a different architecture, but again, after a short burst of activity, it seemed to stall.
Meanwhile, we started building a community.
We brought on someone I’d met through Mozilla to help us grow an open source community from scratch. And when Searx also went quiet, we forked it too, and renamed it Tracery.
We weren’t just users anymore.
We were maintainers.
Arachne Digital is a for-profit company. But we believe in a simple rule:
If you rely on open source, you should help maintain it.
So that’s what we do. We contribute where we can. And where the original project stalls, we step in and actively maintain the fork.
We now maintain multiple open source security tools, with more coming. And we’re just getting started.
The truth is:
You don’t need to be a coding genius to become a maintainer.
You just need curiosity. Commitment. A sense of responsibility to something bigger than yourself.
That’s what drives the open source world, and it’s what drives us at Arachne Digital.
If you’ve ever wanted to get involved in open source security software or threat intelligence, we’d love to have you. You can start small. Review a README. File an issue. Join a call. Or just introduce yourself.
Open source isn’t just about code. It’s about people.
And you belong.
“Arachne Digital’s team works closely with us in integrating our tool, Speculo, with their data. Speculo is designed to help organisations get a full picture of their cyber risk with reliable analytics and a streamlined risk assessment process. The integration of Arachne Digital’s threat intelligence into Speculo provides evidence-based insights into cyber risks, making the tool more relevant to our customers. Arachne facilitated multiple face-to-face meetings and video calls, provided technical resources, comprehensive documentation, and example reports. This collaboration ensured that we could seamlessly integrate and utilize their data, significantly enriching the value we deliver to our clients.
Arachne Digital’s commitment to excellence and their proactive approach in supporting our needs have made them an indispensable partner. We highly recommend their services to any organisation looking to strengthen their threat intelligence capabilities.”
Arachne Digital is proud to partner with the DISARM Foundation as the inaugural member of their Partner Programme, launched at the beginning of 2024.
This partnership is crucial in supporting the DISARM Foundation’s mission to maintain and enhance the DISARM Framework, ensuring it remains a free and continuously updated resource in the fight against disinformation.
Through our collaboration, Arachne Digital provides valuable feedback, promotes the integration of the framework into our operations, and encourages wider adoption within the defender community. This partnership highlights our commitment to combating evolving threats and fostering a secure digital environment.