Many vulnerabilities in software are caused by the incorrect implementation or configuration of cryptographic components. The problem is caused by a mismatch in expertise: crypto libraries are written by crypto experts, and use a terminology mostly accessible to such experts but not to general code developers. The goal of CogniCrypt is to help bridge this gap through dedicated tooling.
CogniCrypt aims to improve secure software development by allowing cryptographers to make their implementations more easily accessible and assisting software developers to securely integrate cryptographic components. CogniCrypt will facilitate code generation and code analysis and ensure long-term security by notifying developers about components that have become insecure. It will have components developed in CROSSING but also open for others to participate.
Within CROSSING, the goal of CogniCrypt is to provide CROSSING researchers a platform to jointly integrate their research results, foster information exchange within the CRC and make CROSSING solutions and primitives available for developers.
As of December 2017, CogniCrypt has become an official Eclipse project and will be integrated into the Eclipse infrastructure. This will help to sustain it for a long period of time and invite others to contribute to the further development of CogniCrypt.
The development of CogniCrypt is also supported by an Oracle Collaborative Research Grant (100,000$ per year) and the German Federal Office for Information Security (BSI) as an associated partner.