Yesterday, the founder of QubesOS and Invisible Things, Joanna Rutkowska announced her resignation from the organization. She shared on the QubesOS’ blog, that she has joined Golem Project as a Chief Strategy Officer, also doubling as the Chief Security Officer. Joanna Rutkowska has been working on several fields of computer security engineering over the past 10 years. Her projects include desktop systems security, Qubes OS, virtualization security, and other hardware-enforced security mechanisms, such as Intel vPro technologies, their vulnerabilities, as well as how they could be used to build more secure systems. Prior to these, her primary focus was on kernel-mode rootkits and stealth malware (e.g. Blue Pill), including both offensive as well as defensive research. In her post on QubesOS, she said, “Earlier this year, I decided to take a sabbatical. I wanted to reflect on my infosec work and decide what I would like to focus on in the coming years. As you probably know, I’ve spent the last nine years mostly fighting the battle to secure the endpoint, more specifically creating, developing, architecting, and promoting Qubes OS, as well as the more general concept of ‘Security through Distrusting’.” QubesOS: A security-oriented FOSS Qubes is a free and open-source software (FOSS), which means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it. Joanna says, “Over these past nine years, Qubes OS has grown from a research-inspired proof-of-concept into a reasonably mature, large open-source project with dozens of contributors and tens of thousands of users, including some high-profile security experts.” She highlighted two challenges for Qubes, firstly, improving hardware compatibility and UX and secondly, the trustworthiness of the x86 platform. From QubesOS to the Golem Project Despite the challenges in QubesOS, Joanna decided to switch to Golem as she believes endpoint device security has reasonably matured and the QubesOS project is in good hands. She sees cloud security as the next big challenge on this decade. She wrote, “While I still believe that the security of our digital lives starts and ends with the trustworthiness of the client devices we use”. “I recognize that the state of endpoint device security has significantly improved over the past decade. At the same time, most of our data and activities have migrated from local devices to the cloud.”, she added. She highlighted some fundamental problems with cloud trustworthiness, which include: The service providers who own our data (e.g. the vendor of your fitness tracking app), The hosting infrastructure owners, who can both access our data as well as deny us use of the service at their discretion (e.g. AWS, Azure, GCP), and The networking infrastructure operators, who can also selectively cut us off from the services (e.g. to implement some form of censorship). She added, “These are very important problems, in my opinion, and I’d like to work now on making the cloud more trustworthy, specifically by limiting the amount of trust we have to place in it.” Following this, she mentioned that Golem is a very unique project for her. Golem has been on a mission to build a ‘decentralized computer’ out of a heterogeneous network of third-party provided computers. Golem was founded two years ago through a successful crowdfunding campaign that allowed it to build a strong development team. Golem’s funding model has eliminated two common obstacles–lack of money to hire enough people and the need to implement investors’ agenda– faced by most of the budding tech startups. She said, “Most importantly, we (ITL), have already been working with Golem over the past year. During that time I’ve had enough time to get to know some of the key people in the project, understand their personal agendas, and conclude they might be very much inline with my own.” Talking about QubesOS’ future, Joanna said that not much will change. Also that Marek Marczykowski-Górecki, QubesOS’ Lead engineer has been effectively leading most of the day-to-day efforts with Qubes OS development since recent years. “Marek will continue to lead Qubes now, so I’m reassured about the future of the project. I will also remain as an advisor to the Qubes OS Project, as well as… its user, though I’ve recently also been embracing other systems, including – of course – the cloud”, she added. To know more about this news in detail, head over to Joanna Rutkowska’s post ‘The Next Chapter’ on QubesOS. Read Next Sir Tim Berners-Lee on digital ethics and socio-technical systems at ICDPPC 2018 Mozilla shares plans to bring desktop applications, games to WebAssembly and make deeper inroads for the future web Why does the C programming language refuse to die?