Can we build a secure code delivery system for the web, too? If we had one built into our browsers, security would be a whole lot better. There would be no more compromised websites serving malware, and we could finally bring usable crypto, like LastPass, Cryptocat, miniLock, and GlobaLeaks, to the masses.
Cyph (cyph.com) has exactly this; see cyph.team/websigndoc for more detail.
Cryptographic signatures are implemented, reproducible builds are on the way in the near future, and a very basic non-decentralised userbase consistency verification could be included in our planned reproducible build script by comparing the package in one's local browser to the one on github.com/cyph/cyph.github.io (which could eventually be migrated to a blockchain or something).
I've heard of Cyph, in passing, before. I haven't had a chance to look at the code yet. I presume https://github.com/cyph/cyph is the repo for the actual app?
Then add endpoint security. Then add certified compilation to know compiler passes don't add vulnerabilities. Then add reproducible builds, cryptographic signing, and so on. Now one sees the scope of the problem. At this point, most people will just ignore most of the problem in favor of implementing a subset and saying they "secured the build and deployment process." ;)
I was definitely glad to see that when he posted it. Getting some mainstream attention. Meanwhile, CompSci has been doing things like CompCert C compiler, strong analysis showing absence of common issues, and so on. We have stuff to use right now at varying stages of completion. People just have to heed the call and build on it.