👋 Hi! Groundry is the one person research lab of Martin Schwaighofer!
I research the applications of cloud build systems, like Nix ❄️, to software supply chain security problems.
My flagship research goal is turning every arrow in a dependency tree into a verifiable subtree describing the build host.
Similar ideas have been said to lead to “fractals and H.P. lovecraft-style madness”, but I believe being pedantic and methodical is the right way to manage the “trusting trust” problem. Not only does my approach put security boundaries and incentives very much in line, but it also leads to desirable and necessary flexibility at verification time. Take a look at my publication on Extending Cloud Build Systems to Eliminate Transitive Trust 🧑🔬 to learn more. I’ve also published Vibenix 🤖, an AI assistant for software packaging with Nix, to help migrate lots of software to Nix efficiently.
Email me 📧 or book a free consultation 📅 if you are curious. I’m happy to get to know you. 😊
You can also read the announcement blog post ⬇️ to find out how I plan to finance this work, and whether Groundry could be a valuable partner to your organization.
Groundry