When Nathaniel McCallum and I embarked on the project which is now called Enarx, we made one decision right at the beginning: the code for Enarx would be open source, a stance fully supported by our employer Red Hat (see standard disclaimer). All of it, and for ever. That’s a decision that we’ve not regretted at any point, and it’s something we stand behind. As soon as we had enough code for a demo, and were ready to show it, we created a repository on github and made it public. There’s a very small exception, which is that there are some details of upcoming chip features that are shared with us under NDA where if we write code for them, publishing that code would be a breach of the NDA. But where this applied (which is rarely) we are absolutely clear with the various vendors that we intend to make the code open as soon as possible, and lobby them to release details as early as they can (which may be earlier than they might prefer), so that more experts can look over both their designs and our code.
Auditability and trust
This brings us to possibly the most important reasons for making Enarx open source: auditability and trust. Enarx is a security-related project, and I believe passionately not only that security should be done in the open, but that if anybody is actually going to trust their sensitive data, algorithms and workloads to a piece of software, then they want to be in a position where as many experts as possible have looked at it, scrutinised it, criticised it and improved it: whether that is the people running the software, their employees, contractors or (even better) the wider security community. The more people who check the code, the happier you should be to trust it. This is important for any piece of security software, but vital for software such as Enarx which is designed to protect your more most sensitive workloads.
There are bugs in Enarx. I know: I’m writing some of the code and I found one yesterday (which I’d put in), just as I was about to give a demo. It is very, very difficult to write perfect code, and we know that if we make our source open, then more people can help us fix issues.
For Nathaniel and me, open source is an ethical issue, and we make no apologies for that. I think it’s the same for most, if not all, of the team working on Enarx. This include a number of Red Hat employees (see standard disclaimer), so shouldn’t come as a surprise, but we have non-Red Hat contributors from a number of backgrounds, and we feel that Enarx should be a Common Good, and contribute to the commonwealth of intellectual property out there.
More brain power
Making something open source doesn’t just make it easier to fix bugs: it can improve the quality of what you produce in general. The more brain power you have to apply to the problem, but better your chances of making something great – assuming that the brain power is applied efficiently (not always an easy task!). We had a design meeting yesterday where one of the participants said towards the end, “I’m sure I could implement some of this, but don’t know a huge amount about this topic, and I’m worried that I’m not contributing to this discussion.” In fact, they had, by asking questions and clarifying some points, and we assured them that we wanted to include experienced, senior developers for their expertise and knowledge, and to pull out assumptions and to validate the design, and not because we expected everybody to be experts in all parts of the project. Having bright people around, involved in design and coding, spreads expertise and knowledge, and helps keep the work from becoming an insulated, isolated “ivory tower” construction, understood by few, and almost impossible to validate.
Not just code
It’s not just our coding that we do in the open. We manage our architecture in the open, our design meetings, our protocol design, our design methodology, our documentation, our bug-tracking, our chat, our CI/CD processes: all of it is open. The one exception is our vulnerability management process, which needs to have the opportunity for confidential exposure for a limited time.
- Code – https://github.com/enarx
- Wiki – https://github.com/enarx/enarx/wiki
- Design – see wiki and https://github.com/enarx/rfcs
- Issues & Pull Requests – https://github.com/enarx/enarx/issues & https://github.com/enarx/enarx/pulls
- Chat – https://chat.enarx.dev (thanks to Rocket.chat!)
- CI/CD resources – thanks to Packet!
- Stand-ups – https://github.com/enarx/enarx/wiki/How-to-contribute
We also take diversity seriously, and the project contributors are subject to the Contributor Covenant Code of Conduct.
In short, Enarx is an open project. I’m sure we could do better, and we’ll strive for that, but our underlying principles are that open is good in general, and vital for security. If you agree, please come and visit!
1 – Non-Disclosure Agreement.
2 – to the surprise of many of the team, including myself. At least it’s not in Perl.
3 – I fixed it. Admittedly after the demo.
4 – we’ve just moved to a Sprint pattern – the details of which we designed and agreed in the open.