SpiderOak Announces Open Source Initiative for Zero Trust Cybersecurity

WASHINGTON – Cybersecurity company SpiderOak announced on October 17 that it will make its cryptography-based software open source. This allows external developers to contribute to the project and improve security features through collaboration.

SpiderOak’s software is sold to US government agencies as well as companies in the space and defense sectors. The company uses a zero-trust cybersecurity architecture, which assumes that no entity is trusted by default.

Open source projects allow public access to software code, allowing third parties to inspect, modify, and improve it, which can lead to faster identification and resolution of vulnerabilities.

‘Aranya’ Project

The open source project, called Aranya, offers the same protections as the OrbitSecure platform used by the Department of Defense, SpiderOak said in a press release.

“Technology manufacturers will be able to embed and extend these same zero trust protections natively into their own systems,” the company said. “OrbitSecure client-specific code remains securely maintained on closed SpiderOak networks and is never included in open source versions.”

“Nothing is changing in the execution of our contracts,” SpiderOak said in a statement.

OrbitSecure is a cybersecurity platform designed for space systems that uses distributed ledger technology to manage encryption keys. This decentralized system allows for continuous operations even in disconnected or contested environments,

SpiderOak last year demonstrated OrbitSecure aboard the International Space Station.

With the Aranya project, the company seeks to harden systems against increasingly sophisticated AI-assisted attacks, including malware, ransomware, command injection and spoofing techniques.

Satellite software makers, for example, could use Aranya to build protections into entire networks.

“By open sourcing core technology, we are providing defense and commercial industries with a critical tool to cyber harden their most important systems and protect the critical operations those systems support,” said Charles Beames, executive chairman of SpiderOak.

SpiderOak’s Aranya project is available to GitHub members. “Non-SpiderOak contributions are analyzed by automated malware scanning services and also carefully reviewed by security-trained developers before inclusion,” the company said.