I only recently learned about Facebook’s osquery project. If you have not looked at it, it is fairly impressive.
https://twitter.com/mikearpaia/status/697231558026002432
Mike Arpaia and Ted Reed of Facebook have post on Facebook infrastructure, and they include firmware in their coverage of infrastructure testing:
In late 2014, we released osquery to the open source community. It’s now an increasingly important element of maintaining insight into the security of Facebook infrastructure. As such, it’s held to incredibly strict security standards to ensure we’re not introducing new vulnerabilities into our network. We also committed to a high standard of code quality when we open-sourced it because we want to build a community of trust with a secure software development ecosystem. In this same vein, we believe it’s important for people who use osquery to know what we do to keep it secure. […]
https://code.facebook.com/posts/226775617661196/in-pursuit-of-secure-open-source-software/
Firmware Security 