Publicly Released Audits by Least Authority and Leviathan Security Pave Way for New Future of Transparency and Openness

SAN FRANCISCO, CA – Apr 29, 2014 — / — SpiderOak, the ‘Zero-Knowledge’ privacy cloud technologies provider, today announced the public release of the world’s first ‘Zero-Knowledge’ application development framework, Crypton.

Crypton enables application developers — whether in startups or large enterprises — to easily build cryptographically secure cloud applications from the ground up. This open-source, Privacy-as-a-Platform™ approach offers a simple and effective new method for creating privacy-oriented applications that can utilize any backend storage provider. Following a series of audits by security researchers at Least Authority and Leviathan, and subsequent vulnerability fixes, SpiderOak has officially released the open-source framework to the developer community.

“As public awareness of online privacy and security issues grow, the software community needs to demonstrate that they have the capability to protect user data in the cloud. Our decision to make public the code and audits of this application framework is part of our commitment to full transparency and openness with the community,” said SpiderOak CEO Ethan Oberman. “In the wake of major security lapses such as Heartbleed, for example, it is incumbent on companies producing frameworks and toolkits to adopt not just an open model but also an open audit model whereby the community can review, understand and work together to create and support the right foundation for these products.”

Currently, most applications that use cloud technologies sacrifice privacy because plaintext information remains viewable on the server. Crypton represents a new path forward by empowering application developers to realize ‘Zero-Knowledge’ privacy cloud environments out-of-the-box. By transparently handling the complicated cryptography layers through the application framework, Crypton makes it easy for developers to focus on domain-specific challenges instead of worrying about how to administer a privacy-oriented solution after the fact.

Public Third-Party Audits Set the New Standard for Secure Application Development
It is common for software providers to undergo security audits to ensure the viability of a code base. However, it is extremely rare that the audit firm or its results are shared publicly for fear of public scrutiny and/or future accountability.

SpiderOak has taken a decidedly different approach. The company has commissioned a series of third-party audits of Crypton’s open-source framework by security researchers at Least Authority, a company with deep experience building verifiably secure storage systems, and Leviathan Security Group, a risk management and security solutions provider.

SpiderOak has made the audits fully available to the public, in accordance with its commitment to complete openness and transparency with the community about how private data is generated, stored and protected through the application framework. Along with the public audits, SpiderOak is openly tracking all of the fixes on Crypton’s GitHub page for anyone to review. The company hopes this type of open development and audit process will set a new bar for how these processes work moving forward.

For reference, the Least Authority audit may be downloaded here; the Leviathan audit may be downloaded here; and Crypton’s GitHub page can be accessed here.

About SpiderOak
SpiderOak provides a cloud backup, sync, and sharing environment that is 100% private. Our ‘Zero-Knowledge’ Privacy Standard ensures absolute confidentiality between you and your data, everywhere, every time and from every device. With SpiderOak, you maintain full and complete control of your data in a centralized, managed and fully protected environment. SpiderOak: we’ve got your back(up).

Media Contact:
Sammy Totah
BOCA Communications
+1.415.738.7718 ext. 7

Source: SpiderOak