Yesterday, the founder of QubesOS and Invisible Things, Joanna Rutkowska announced her resignation from the organization. She shared on the QubesOS’ blog, that she has joined Golem Project as a Chief Strategy Officer, also doubling as the Chief Security Officer.
Joanna Rutkowska has been working on several fields of computer security engineering over the past 10 years. Her projects include desktop systems security, Qubes OS, virtualization security, and other hardware-enforced security mechanisms, such as Intel vPro technologies, their vulnerabilities, as well as how they could be used to build more secure systems. Prior to these, her primary focus was on kernel-mode rootkits and stealth malware (e.g. Blue Pill), including both offensive as well as defensive research.
In her post on QubesOS, she said, “Earlier this year, I decided to take a sabbatical. I wanted to reflect on my infosec work and decide what I would like to focus on in the coming years. As you probably know, I’ve spent the last nine years mostly fighting the battle to secure the endpoint, more specifically creating, developing, architecting, and promoting Qubes OS, as well as the more general concept of ‘Security through Distrusting’.”
Qubes is a free and open-source software (FOSS), which means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it.
Joanna says, “Over these past nine years, Qubes OS has grown from a research-inspired proof-of-concept into a reasonably mature, large open-source project with dozens of contributors and tens of thousands of users, including some high-profile security experts.”
She highlighted two challenges for Qubes, firstly, improving hardware compatibility and UX and secondly, the trustworthiness of the x86 platform.
Despite the challenges in QubesOS, Joanna decided to switch to Golem as she believes endpoint device security has reasonably matured and the QubesOS project is in good hands. She sees cloud security as the next big challenge on this decade.
She wrote, “While I still believe that the security of our digital lives starts and ends with the trustworthiness of the client devices we use”. “I recognize that the state of endpoint device security has significantly improved over the past decade. At the same time, most of our data and activities have migrated from local devices to the cloud.”, she added.
She highlighted some fundamental problems with cloud trustworthiness, which include:
She added, “These are very important problems, in my opinion, and I’d like to work now on making the cloud more trustworthy, specifically by limiting the amount of trust we have to place in it.”
Following this, she mentioned that Golem is a very unique project for her. Golem has been on a mission to build a ‘decentralized computer’ out of a heterogeneous network of third-party provided computers. Golem was founded two years ago through a successful crowdfunding campaign that allowed it to build a strong development team.
Golem’s funding model has eliminated two common obstacles–lack of money to hire enough people and the need to implement investors’ agenda– faced by most of the budding tech startups. She said, “Most importantly, we (ITL), have already been working with Golem over the past year. During that time I’ve had enough time to get to know some of the key people in the project, understand their personal agendas, and conclude they might be very much inline with my own.”
Talking about QubesOS’ future, Joanna said that not much will change. Also that Marek Marczykowski-Górecki, QubesOS’ Lead engineer has been effectively leading most of the day-to-day efforts with Qubes OS development since recent years. “Marek will continue to lead Qubes now, so I’m reassured about the future of the project. I will also remain as an advisor to the Qubes OS Project, as well as… its user, though I’ve recently also been embracing other systems, including – of course – the cloud”, she added.
To know more about this news in detail, head over to Joanna Rutkowska’s post ‘The Next Chapter’ on QubesOS.
Sir Tim Berners-Lee on digital ethics and socio-technical systems at ICDPPC 2018
I remember deciding to pursue my first IT certification, the CompTIA A+. I had signed…
Key takeaways The transformer architecture has proved to be revolutionary in outperforming the classical RNN…
Once we learn how to deploy an Ubuntu server, how to manage users, and how…
Key-takeaways: Clean code isn’t just a nice thing to have or a luxury in software projects; it's a necessity. If we…
While developing a web application, or setting dynamic pages and meta tags we need to deal with…
Software architecture is one of the most discussed topics in the software industry today, and…