verifiable security without single points of failure
Most systems still rely on single individuals or computers, unverifiable software, and opaque processes. We’re redesigning security for transparency from the ground up.
creating the building blocks for provable security
Modern software systems still rely on trust in individuals—maintainers, IT admins, or third-party providers. But what happens when they are compromised? How do you verify that the software running on your systems hasn’t been tampered with?
We’ve identified critical missing pieces needed to remove single points of failure at every level. Our approach covers the complete lifecycle of software from your toolchains and dependencies to how your code is built, signed, verified and deployed.
By combining multi-party trust, remote attestation, and bit-for-bit reproducibility, we are methodically eliminating trust assumptions, ensuring security isn’t just a claim—it’s provable.
See what we're building →our roadmap
We are actively working on a number of different projects, and looking to fund others. Here is what's on the way and what's coming next.
SourceId ensures that source code integrity is verifiable. It prevents tampering of archives and other formats used for delivering source code by standardizing code and generating a hash-based fingerprint of the tree which includes all essential files.
SigRev is a crowdsourcing framework extending SourceID with signed code reviews. It enhances open-source security by making comprehensive manual reviews discoverable, overcoming the limitations of static analysis tools.
Learn more →
StageX is a hermetic, deterministic and reproducible toolchain providing multi-signed OCI images for popular software. This approach removes single points of failure in sofware builds.
Learn more →
ReprOS is a bare-bones immutable OS designed for securely reproducing and signing software. Each build is executed in a one-time use environment, eliminating persistent risks.
Learn more →
Keyfork simplifies cryptographic material management by deriving any number or type of keys from a single entropy source. This greatly simplifies secret management complexity while maintaining security.
Learn more →
Icepick provides a framework for offline verified cryptographic signing operations. Its modular design provides a unified interface for a wide range of cryptographic signing tasks.
Learn more →
Bootproof provides a way to prove what software booted on a given system by leveraging platform hardware or firmware remote attestation technologies.
Learn more →
EnclaveOS is a minimal and immutable operating system for running security critical software with high accountability. It can be extended to support multi-party management of secrets such that no person can control them alone.
Learn more →
Detailed set of practices, ceremonies and documentation for generating, backing up and using secrets that you can't afford to lose. Combines the best of tactics of major custodians as an open framework available for everyone.
Learn more →
❝Our mission is to use our knowledge to bring open source solutions to the world that improve the security, privacy and freedom of as many individuals as possible. We believe having verifiable foundations that technologies can be built upon are a fundamental step towards improving the well being of our species, and solving the coordination problem.❞
powered by distrust
Companies are already choosing to adopt our methodologies to help secure their systems.
want to help with our vision?
If you would like to help us please sponsor our work or get involved as a contributor.