Mozilla, Intel, Red Hat Target Open Source Security With Bytecode Alliance

DevOpsOpen SourceProjectsSoftware

Partnership of open source players seeks to implement standards for coding outside the browser

The Bytecode Alliance has been announced in an effort to build a secure by default, composable future for WebAssembly.

WebAssembly is an open standard that defines a portable binary code format for executable programs, mostly used for web pages, but it can be used in other environments as well.

The Bytecode Alliance aims to “forge WebAssembly’s outside-the-browser future by collaborating on implementing standards and proposing new ones. Our founding members are Mozilla, Fastly, Intel, and Red Hat, and we’re looking forward to welcoming many more,” it said.

women code database programming tech © Semisatch Shutterstock

Bytecode Alliance

“We have a vision of a WebAssembly ecosystem that is secure by default, fixing cracks in today’s software foundations,” said the firms. “And based on advances rapidly emerging in the WebAssembly community, we believe we can make this vision real.”

The Bytecode Alliance said that users are at risk because developers are building massively modular applications, where 80 percent of the code base comes from package registries like npm, PyPI, and crates.io.

Although using these ecosystems isn’t bad, the problem stems from the fact that current software architectures weren’t built to make this safe. Threat actors are increasingly exploiting this.

So the Bytecode Alliance is proposing a solution for the WebAssembly ecosystem, where developers can choose to design in a way that’s secure by default, thanks to the industry partnership.

“Together, we’re putting in solid, secure foundations that can make it safe to use untrusted code, no matter where you’re running it – whether on the cloud, natively on someone’s desktop, or even on a tiny IoT device,” said the Bytecode Alliance.

“With this, developers can be as productive as they are today, using open source in the same way, but without putting their users at risk,” it said. “This common, reusable set of foundations can be used on their own, or embedded in other libraries and applications.”

It said it is currently collaborating on a number of areas including runtimes, runtime components, and language tooling.

Changing the web

“WebAssembly is changing the web, but we believe WebAssembly can play an even bigger role in the software ecosystem as it continues to expand beyond browsers,” said Luke Wagner, distinguished engineer at Mozilla and co-creator of WebAssembly.

“This is a unique moment in time at the dawn of a new technology, where we have the opportunity to fix what’s broken and build new, secure-by-default foundations for native development that are portable and scalable,” he said. “But we need to take deliberate, cross-industry action to ensure this happens in the right way.”

“Intel is joining the Bytecode Alliance as a founding member to help extend WebAssembly’s performance and security benefits beyond the browser to a wide range of applications and servers,” said Mark Skarpness; VP, Intel Architecture, Graphics, and Software. “Bytecode Alliance technologies can help developers extend software using a wide selection of languages, building upon the full capabilities of leading-edge compute platforms.”

Know all about data centres? Try our quiz!

Author: Tom Jowitt
Click to read the authors bio  Click to hide the authors bio