This is a difficult post to write.
A year ago, my company launched the latest iteration of our operating system, AirStash OS. Since that announcement I’ve spent the last year trying to convince anyone who would listen of the need for IoT product development platforms that are actually secure out of the box, backed by formal methods and solid engineering. We built the technology to back this up: a hardware memory-protected operating system with an unprivileged "kernel" supporting Java or Kotlin applications on incredibly low-cost Cortex-M4 based single chip wireless microcontrollers, and an industry-first commercial demonstration of the same operating system hosted under the formally verified seL4 microkernel.
Today, for want of a minuscule amount of investment (well below the amount of the typical seed round), I am forced to defer this dream. I don’t have the connections to talk to the best VCs, and the ones that we could talk to simply didn’t get what we were doing. Large companies, meanwhile, are unconvinced of the potential for disaster - and liability - resulting from poor product security, and are often too invested in their own platforms to consider outside solutions. Startups have no money, and our attempt to find government funding ran aground for mysterious reasons - though people familiar with the funding agency in question expressed no surprise at this turn of events.
There are no words for the frustration and sadness I feel about this. Much of what we started will go unfinished. We’ve been working on a new implementation of TLS in Rust, adapting a trick of Oleg’s to establish additional safety properties at the type level. We were planning on releasing this publicly, for everyone. This won’t happen anymore. We’ve been using KLEE and tis-interpreter to exhaustively test properties of our networking stack, but we’ll never finish testing all the invariants of our TCP state machine. It goes on from there.
We built this platform because the world needs it, but the world doesn’t seem to know it yet. The story of this industry is littered with startups who had a better technology or the right solution to a problem that not enough people had recognized yet. Converting solutions into money isn’t always easy, no matter how large the problem.
We were already a very small team of six people, covering both hardware and software development. I can’t sustain this level of platform development with fewer people than that. I’m not giving up completely, but for now we have to retreat and regroup, and find a way to put our success back in our own hands and in the hands of individual customers. We’re product people at heart, my cofounder and I, and maybe it’s time to go back to what we do best.
I thought I could beat the odds. The people who followed me thought we could, too. Was I wrong to think that? Either way it doesn’t matter. It was the right thing to do, and if I had to do it all over again, I would.