MITRE Couldn’t Scale Caldera Alone

Paul Asadoorian
May 28, 2026

Why It Matters

Shifting Caldera to Apache could accelerate development and wider adoption of a key ATT&CK testing tool by unlocking community resources, improving operational testing for defenders. It also raises governance and security trade-offs as responsibility moves to a broader open-source ecosystem.

Summary

MITRE has transferred its Caldera adversary-emulation platform to the Apache Software Foundation to enlist broader open-source collaboration and resources after struggling to scale the project internally. The move aims to tap Apache’s stewardship and contributor base to revitalize development and adoption of Caldera, which automates testing against the MITRE ATT&CK framework. Stakeholders note the transfer could bring needed manpower and visibility, though Apache-hosted projects have sometimes faced security challenges. Observers say the change may reintroduce Caldera to the cybersecurity community after a period of limited attention.

Original Description

MITRE is transferring the Caldera cybersecurity platform to the Apache Foundation to encourage broader open source collaboration and long-term project support.
Caldera is widely used for testing systems against the MITRE ATT&CK framework and simulating adversary behavior across enterprise environments.
As cybersecurity projects grow in complexity and adoption, maintaining them requires sustained engineering resources, governance, and community involvement. Moving projects into larger open source foundations can improve longevity and development speed, but it also introduces new coordination and security challenges.
The shift reflects a broader trend in cybersecurity: important defensive tooling increasingly depends on shared ecosystems rather than single organizations.
Are major cybersecurity projects becoming too large for individual organizations to realistically maintain alone?