drawing Groundry

👋 Hi! We are the one person research lab of Martin Schwaighofer!

We research the applications of cloud build systems, like Nix ❄️, to software supply chain security problems.

Our flagship research goal is turning every arrow in a dependency tree into a verifiable subtree describing the build host.

Similar ideas have been said to lead to “fractals and H.P. lovecraft-style madness”, but we believe that developing approaches for managing the “trusting trust” problem is better than forever ignoring it out of fear, or because it’s “technically unsolvable” - the best kind of unsolvable 😅. Not only does our way of doing this put security boundaries and incentives very much in line, but it also leads to very desirable properties at verification time. Take a look at our latest publication on Extending Cloud Build Systems to Eliminate Transitive Trust 🧑‍🔬 to learn more, email us 📧, or just book a free consultation with us 📅 if you are curious. We’re happy to get to know you. 😊

You can also read our announcement blog post ⬇️ to find out how we plan to finance our work, and whether we could be a valuable partner to your organization.

Announcing Groundry

Why? Since our (royal ‘we’, because we are so great) PhD work is taking more time than we expected, our funding at University is running out, but we strongly feel that we are on to something important with our current research direction. This is why we are founding Groundry as a means to further pursue that research direction, while increasing the impact of our work by working directly with a select number of clients and other partners. ...

February 12, 2025 · 3 min · Martin Schwaighofer