The Bytecode Alliance, formed by Fastly, Intel, Mozilla, and Red Hat to move WebAssembly beyond the browser, has created a non-profit organization with the help of Microsoft to further their cause.
The gang has also added six more member organizations to advance its mission to make software more modular, secure, and fast.
In addition to Microsoft, the new members are: Arm, DFINITY Foundation, Embark Studios, Google, Shopify, and University of California San Diego.
In a statement, Bobby Holley, distinguished engineer at Mozilla and a Bytecode Alliance board member, described software development today as a set of vexing trade-offs.
"If you want to build something big, it’s not realistic to build each component from scratch," Holley said. "But relying on a complex supply chain of components from other parties allows a defect anywhere in that chain to compromise the security and stability of the entire program.
"Tools like containers can provide some degree of isolation, but they add substantial overhead and are impractical to use at per-supplier granularity. And all of these dynamics entrench the advantages of big companies with the resources to carefully manage and audit their supply chains."
'It's where the industry is heading': LibreOffice team working on WebAssembly portREAD MORE
WebAssembly is a low-level byte code generated by higher level languages like C/C++ or better yet, because of its memory safety, Rust. It's an assembly-like programming language or structured stack machine, as opposed to a general stack machine like the JVM.
As a compilation target for higher level code, WebAssembly or wasm libraries are often added to web-based applications to handle computationally intensive operations.
Feross Aboukhadijeh, an open-source developer and co-creator of Wormhole, told The Register in an email that WebAssembly has two main benefits.
"WebAssembly allows developers to take existing C and C++ codebases and run them on the web, with little to no modifications," said Aboukhadijeh. "This is great for reusing old code like
Code for the future
The Bytecode Alliance sees WebAssembly, and various related code infrastructure projects like WebAssembly System Interface (WASI), WebAssembly Micro Runtime (WAMR), and Lucet, as a way to deal with difficult-to-secure package registries like npm, PyPI, and crates.io that form the foundation of modern software development.
- Internet Archive to preserve Flash content for posterity with Ruffle emulator
- Your web browser running remotely in Cloudflare's cloud. That's it. That's the story
- The W3C steers the way the World Wide Web works. Yet it is reluctant to record crucial meetings – and its minutes are incomplete
Package registries are essentially databases of previously written code that developers can import into their own projects so they don't have to solve problems already solved by existing programs. This saves an enormous amount of time but can lead to security problems if the imported modules have inadvertent or deliberate flaws.
As Lin Clark, Fastly senior principal software engineer, wrote in 2019 while at Mozilla, 80 per cent of code bases come from these package registries. So there's much to be gained by limiting the potential harm from any buggy or malicious libraries in an application.
WebAssembly aims to do so through nanoprocesses, which create memory-efficient isolated sandboxes for each wasm module or library. It has the potential to replace microservices with quarantined, wasm-based nanoprocesses. And that's more or less the mission of the Bytecode Alliance.
With its incorporation as a 501(C)(6) organization and its membership expansion, the Bytecode Alliance is looking to extend its vision of more modular, secure, performant applications to a broader set of environments, like the cloud and the network edge.
"WebAssembly and the emerging WebAssembly System Interface (WASI) specification enable cloud-native solutions to become more secure by default and help solve computing challenges across a variety of environments, including the 'tiny edge' of systems-on-a-chip (SoCs) and microcontroller units (MCUs)," said Ralph Squillace, principal program manager, Azure Core Upstream, at Microsoft and Bytecode Alliance board member in a statement.
Holley said the technical community has a chance to change the way software is built in a way that will empower small teams to develop big projects that manage to be both secure and speedy.
"Achieving the elusive trifecta — easy composition, defect isolation, and high performance — requires both the right technology and a coordinated effort across the ecosystem to deploy it in the right way," he said.
Maybe wasm is that technology. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Edge Computing
- Google Cloud Platform
- Hybrid Cloud
- Identity Theft
- Microsoft 365
- Microsoft Office
- Microsoft Teams
- Palo Alto Networks
- Private Cloud
- Public Cloud
- Visual Studio
- Visual Studio Code
- Web Browser