software

verifiable security without single points of failure


Most systems still rely on single individuals or computers, unverifiable software, and opaque processes. We’re redesigning security for transparency from the ground up.

View software

creating the building blocks for provable security

Modern software systems still rely on trust in individuals—maintainers, IT admins, or third-party providers. But what happens when they are compromised? How do you verify that the software running on your systems hasn’t been tampered with?

We’ve identified critical missing pieces needed to remove single points of failure at every level. Our approach covers the complete lifecycle of software from your toolchains and dependencies to how your code is built, signed, verified and deployed.

By combining multi-party trust, remote attestation, and bit-for-bit reproducibility, we are methodically eliminating trust assumptions, ensuring security isn’t just a claim—it’s provable. And as everything we do, all our software is open source.

See what we're building

our software

We are actively working on a number of different projects, and looking to fund others. Here is what's on the way and what's coming next.

SourceId
 | 
source code integrity
fundraising

SourceId ensures that source code integrity is verifiable. It prevents tampering of archives and other formats used for delivering source code by standardizing code and generating a hash-based fingerprint of the tree which includes all essential files.


Components:
StageX
View git repository
SigRev
 | 
crowdsourced code review
fundraising

SigRev is a crowdsourcing framework extending SourceID with signed code reviews. It enhances open-source security by making comprehensive manual reviews discoverable, overcoming the limitations of static analysis tools.


Components:
SourceId
StageX
View git repository
StageX
 | 
deterministic reproducibility
active

StageX is a hermetic, deterministic and reproducible toolchain providing multi-signed OCI images for popular software. This approach removes single points of failure in sofware builds.


Components:
SourceId
SigRev
StageX
View git repository
ReprOS
 | 
ephemeral build environments
in-progress

ReprOS is a bare-bones immutable OS designed for securely reproducing and signing software. Each build is executed in a one-time use environment, eliminating persistent risks.


Components:
SourceId
SigRev
StageX
Bootproof
View git repository
Keyfork
 | 
deterministic key management
active

Keyfork simplifies cryptographic material management by deriving any number or type of keys from a single entropy source. This greatly simplifies secret management complexity while maintaining security.


Components:
SourceId
SigRev
StageX
View git repository
Icepick
 | 
cryptographic operations
active

Icepick provides a framework for offline verified cryptographic signing operations. Its modular design provides a unified interface for a wide range of cryptographic signing tasks.


Components:
SourceId
SigRev
StageX
View git repository
AirgapOS
 | 
air-gapped OS
active

AirgapOS is a minimal, immutable offline first environment for secret management. It ships with a swiss-army knife of tools and an extensibility framework to cover most secure administration needs.


Components:
SourceId
SigRev
StageX
Keyfork
Icepick
View git repository
Bootproof
 | 
remote attestation
fundraising

Bootproof provides a way to prove what software booted on a given system by leveraging platform hardware or firmware remote attestation technologies.


Components:
SourceId
SigRev
StageX
View git repository
EnclaveOS
 | 
trusted execution environments
in-progress

EnclaveOS is a minimal and immutable operating system for running security critical software with high accountability. It can be extended to support multi-party management of secrets such that no person can control them alone.


Components:
SourceId
SigRev
StageX
Keyfork
Bootproof
View git repository
Vault
 | 
prescriptive key management
in-progress

Detailed set of practices, ceremonies and documentation for generating, backing up and using secrets that you can't afford to lose. Combines the best of tactics of major custodians as an open framework available for everyone.


Components:
SourceId
SigRev
StageX
AirgapOS
Keyfork
Icepick
Bootproof
View git repository

❝Our mission is to use our knowledge to improve the security, privacy, and freedom of as many individuals as possible. We believe having verifiable foundations on which technologies can be built is a fundamental step toward improving the wellbeing of our species and solving the coordination problem.❝ — Distrust team

powered by distrust

Companies are already choosing to adopt our methodologies and tooling to help secure their systems.

Using StageX and ReprOS to improve their supply chain security story.

Learn more

The SUI cryptocurrency is leveraging StageX to build their nodes in a deterministic manner in order to eliminate single points of failure.

Learn more

Using StageX to build their widely used Talos Linux distribution specialized in delivering kubernetes features.

Learn more

want to help with our vision?

If you would like to help us, please sponsor our work or get involved as a contributor.

Get in touch