WASHINGTON — The cybersecurity firm SpiderOak announced Oct. 17 that it will make its encryption-based software open source. This allows external developers to contribute to the project and improve security features through collaboration.
SpiderOak’s software is sold to U.S. government agencies, as well as companies in the space and defense sectors. The company uses a zero-trust cybersecurity architecture, which assumes no entity is trustworthy by default.
Open-source projects allow public access to the software’s code, enabling third parties to inspect, modify, and improve it, which can lead to faster identification and resolution of vulnerabilities.
Project ‘Aranya’
The open-source project, called Aranya, offers the same protections as the OrbitSecure platform used by the Defense Department, SpiderOak said in a news release.
“Technology manufacturers will be able to embed and extend these same zero-trust protections natively into their own systems,” the company said. “OrbitSecure customer-specific code remains safely kept on closed SpiderOak networks and is not nor ever included in the open-source releases.”
“Nothing is changing in the execution of our contracts,” SpiderOak said in a statement.
OrbitSecure is a cybersecurity platform designed for space systems that uses distributed-ledger technology for managing encryption keys. This decentralized system allows for continuous operations even in disconnected or contested environments,
SpiderOak last year demonstrated OrbitSecure aboard the International Space Station.
With the Aranya project the company is seeking to harden systems against increasingly sophisticated AI assisted attacks including malware, ransomware, command injection and spoofing techniques.
Satellite software manufacturers, for example, could use Aranya to embed protections across entire networks.
“By open sourcing the core technology, we’re providing both the defense and commercial industries with a critical tool to cyber harden their most important systems and protect the critical operations these systems support,” said Charles Beames, executive chairman of SpiderOak.
SpiderOak’s Aranya project is available for GitHub members. “Non-SpiderOak contributions are both analyzed by automated malware scanning services as well as carefully reviewed by security-trained developers before inclusion,” the company said.