Groundry

👋 Hi! We are the future one person research lab of Martin Schwaighofer!

We research the applications of cloud build systems, like Nix ❄️, to software supply chain security problems.

Our flagship research goal is turning every arrow in a dependency tree into a verifiable subtree describing the build host.

Similar ideas have been said to lead to “fractals and H.P. lovecraft-style madness”, but we believe that developing approaches for managing the “trusting trust” problem is better than forever ignoring it out of fear. Not only does our way of doing this put security boundaries and incentives very much in line, but it also leads to very desirable properties at verification time. Take a look at our latest publication on Extending Cloud Build Systems to Eliminate Transitive Trust 🧑‍🔬 to learn more, email us 📧, or just book a free consultation with us 📅 if you are curious. We’re happy to get to know you. 😊

You can also read our announcement blog post ⬇️ to find out how we plan to finance our work, and whether we could be a valuable partner to your organization.

Announcing laut

We are working on the prototype of our ideas in public now! I decided to name it 📣 laut 📣, and you can can find it at: https://github.com/mschwaig/laut The README.md and issue tracker there have a bunch more information. lautthe command line utility is not ready for any kind of actual use, but it’s ready for collaboration and us working on it together! Additionally, my contract at University got renewed until December. 🥳 With my research funded until then, starting up Groundry is a less urgent matter. I still want to continue pursuing the idea and using the name, for a future where I can and need to stand on my own feet with this work. ...

Announcing Groundry

Why? Since our (royal ‘we’, because we are so great) PhD work is taking more time than we expected, our funding at University is running out, but we strongly feel that we are on to something important with our current research direction. This is why we are founding Groundry as a means to further pursue that research direction, while increasing the impact of our work by working directly with a select number of clients and other partners. ...