Groundry

👋 Hi! Groundry is the one person research lab of Martin Schwaighofer!

I research the applications of cloud build systems, like Nix ❄️, to software supply chain security problems.

My flagship research goal is turning every arrow in a dependency tree into a verifiable subtree describing the build host.

Similar ideas have been said to lead to “fractals and H.P. lovecraft-style madness”, but I believe being pedantic and methodical is the right way to manage the “trusting trust” problem. Not only does my approach put security boundaries and incentives very much in line, but it also leads to desirable and necessary flexibility at verification time. Take a look at my publication on Extending Cloud Build Systems to Eliminate Transitive Trust 🧑‍🔬 to learn more. I’ve also published Vibenix 🤖, an AI assistant for software packaging with Nix, to help migrate lots of software to Nix efficiently.

Email me 📧 or book a free consultation 📅 if you are curious. I’m happy to get to know you. 😊

You can also read the announcement blog post ⬇️ to find out how I plan to finance this work, and whether Groundry could be a valuable partner to your organization.

Terms & Pricing

Why? I strongly believe that improving the foundations that software supply chain security rests on is important, and that a more pedantic and principled approach to this problem is necessary as AI changes both how we produce software, and how easy it is to attack software. This is why I founded Groundry: to pursue this research full-time, while increasing the impact of my work by working directly with a select number of clients and other partners. ...

Announcing laut

I am working on the prototype of my ideas in public now! I decided to name it 📣 laut 📣, and you can find it at: https://github.com/mschwaig/laut The README.md and issue tracker there have a bunch more information. laut the command line utility is not ready for any kind of actual use, but it’s ready for collaboration and working on it together! Additionally, my contract at University got renewed until December. 🥳 With my research funded until then, starting up Groundry is a less urgent matter. I still want to continue pursuing the idea and using the name, for a future where I can and need to stand on my own feet with this work. ...