This site is historical, from when Sandstorm was a startup. Sandstorm the open source project has moved to sandstorm.org. More info »

Sandstorm Blog

Sandstorm's security track record, and what it means for self-hosting

By Asheesh Laroia - 29 Feb 2016

Today I want to share the results of our own analysis of security issues of web apps available on the Sandstorm app market.

95% of security issues automatically mitigated, before they were discovered

Sandstorm automatically protects users from a huge fraction of the publicly disclosed security vulnerabilities discovered in apps on the Sandstorm app market, before the vulnerabilities were even disclosed. Of the issues we examined, 95% were wholly or partly mitigated. You can read the full report here in our documentation. The analysis covers publicly-disclosed vulnerabilities in Etherpad, WordPress, Roundcube, ShareLaTeX, and Tiny Tiny RSS. In WordPress, we limited our analysis to security issues of severity score 6 or higher, due to the large number of issues. We also mitigated 21 CVEs in the Linux kernel to prevent sandbox breakout.

We built Sandstorm to create a viable ecosystem for indie and open source web apps. When server apps are as safe to run as apps on a phone, people will feel free to choose whatever software they like. Consider that some Sandstorm apps, like Giftr, are small and don’t have as many people checking the code for bugs. Sandstorm protects you when you use those apps, too.

We know that security is risk-management, not binary. No software, Sandstorm included, will ever protect all user data from all bugs in all programs. However, raising barriers to a successful attack means fewer successful attacks will occur.

Self-hosted apps can be as secure as a centralized web app

With Sandstorm, you get an experience as easy to use as software-as-a-service, and you retain the privacy benefits of self-hosting. One of our key security strategies is to isolate each grain (typically, one document) separately, so that a buggy or malicious app has a hard time ruining your day. That degree of isolation is enabled by our various security practices.

I hope you’ll read the full analysis, prepared by myself and Kenton Varda. Let us know what you think!

When self-hosting is secure, users are free to choose

Security enables freedom of choice. If you use a Sandstorm server, you can choose productivity tools that fit your needs, even if the server is maintained by someone else.

Want to chat with colleagues? Install Rocket.Chat or Let’s Chat. Want to track tasks and stay organized? Install WeKan or Simple Todos. Want to organize a gift exchange? Install Giftr. Want to share files quickly with friends? Install FileDrop or Davros.

If you prefer managed hosting, you can make an account on Oasis and enjoy any of these apps or upload your own.

Or you can run your own Sandstorm install. Over the past six months, we’ve integrated free SSL certificates and cryptographically-verified automatic updates into self-hosted Sandstorm. As soon as someone installs Sandstorm for an organization, they can safely allow colleagues to choose their own tools. If you install Sandstorm for yourself, you can use the best indie web apps and let the platform handle security for you. Get started on the Sandstorm install page.