What If Hackers Don’t Know What Software You Are Running


Here is the lightly edited version of our interview with the Polyverse CEO.

Bugs are part of the software development process – Linus Torvalds

If you think about computers today, every software system has bugs. If you have a bug, at some point an adversary is going to figure out how to exploit that bug and take over your system. It just sort of goes hand in hand. If you have bugs in systems, there will be some kind of exploit, that’s almost mathematically provable.

It has to be very, very hard to get rid of all the vulnerabilities. If we knew how to fix every bug in software, we’d be having this conversation in Bora Bora and I would own the place, but we don’t know how to fix all the bugs in software.

If we can’t do that, then can we look at the other side of the coin? And that’s the payoff on the attack. Today it might take me months or years and millions of dollars to figure out how to actually exploit a bug, but if I do figure out how to hack a system, I’ll get every version of it because everything is a clone.

If I learn how to hack Windows, I’m going to take over a billion computers. We see this with things like the WannaCry hack that just go take over scores of systems seemingly overnight because they’re all clones of each other.

Moving Target Defense

The idea of “moving target defense” has been around for almost 30 years now. The idea is what if we create diversity in the environment? If you sort of think about it in a very simple way, Macs don’t get Windows viruses and Windows don’t get Mac viruses just as a general rule of thumb.

The reason is if I’m a cyber attacker, I need to know what it is that I’m attacking. I need to know that it’s a Windows computer or a Linux computer or something like that. I need to know those technical details. What happens if I don’t know? What happens if we make every computer unique? That’s been the concept of a moving target defense. My co-founders and I realized that actually this old idea of ‘what if we could make everything unique’ was extremely practical in 2015.

That’s how Polyverse started.

Now, by 2020 we’re running on millions of servers. We have 20,000 servers alone in our build farm that we run completely lights out, hands-free operations, so we’re doing this at massive scale. We took this sort of old academic idea and managed to do it at scale with a ‘one-click fire and forget’ install.

