European Research Council grants for code reviews
The European Research Council (ERC) is funding several open source software research projects, including code audits, security testing and on cryptography. Each of four projects in Austria, France and Germany received just under EUR 2 million in so-called Consolidator Grants.
One such grant was awarded to the code vulnerability review of Rust, an open source programming language that is designed to be safe. Rust is used for Mozilla’s experimental web browser engine Servo.
The grant will let the Max Planck Institute for Software Systems in Saarbrücken and Kaiserslautern (Germany) verify that Rust's safety claims are justified. The project is led by Derek Dreyer, a researcher at the institute and a computer science teacher at the University of Saarland.
A second Consolidator Grant is for the ‘Programming Securely with Cryptography’ project at INRIA - France’s national computer science research institute. The ‘Prosecco project’ results include miTLS - an open source, verified reference implementation of the TLS protocol, and F*, an open source programming language allowing precise code specifications.
The ERC Grant is intended for the design of a secure cryptographic process, “notably including the security core of the web browser”, the Paris-based INRIA research director Karthik Bhargavan is quoted as saying in a press release. “We will exclusively produce open source code”, Bhargavan added, reached by email. “Occasionally we test closed source code for serious security vulnerabilities, but in those cases, the tools we use to analyse them will be open.”
A third ERC grant is awarded to the Technische Universität Graz (Austria). Professor Stefan Mangard’s research project, which he says includes open source software, will tests ways to secure code against attacks that exploit certain properties of the computer hardware.
A fourth grant is for the IST Austria, a computer research centre near Vienna. Here computer scientist and cryptographer Krzysztof Pietrzak will use the grant to continue development of techniques to prove popular cryptographic protocols and schemes.
“We are a theory group, and as such hardly ever produce software”, Pietrzak commented in an email. “One recent exception is a cryptocurrency implemented by co-authors at MIT and which we make available via Github. Should we produce any software during the project, I don't see any reason why we should not want to make it available as open source.”
Press release by the University of Saarland (in German)
Press release by INRIA
Press release by the Technical University of Graz (in German)
Press release by IST Austria (in German)
ERC Consolidator grant award announcement (PDF)