A quick introduction to Web Assembly
Web Assembly or Wasm as it is also known is an open standard for running binary code across multiple platforms serving both client and server scenarios. Most people know it as the vehicle for being able to run languages like C++,C# and Rust in the browser with near native performance. However it can also be run on servers, for example as part of a Node.js solution.
Wasm gives developers almost endless possibilities; the edge between desktop and web computing is increasingly blurred as of late. It allows developers to reuse mature and powerful libraries and solutions which were originally built for servers and desktops with very little modifications to the code.
The Bytecode Alliance was formed by Mozilla, Intel, Red Hat and Fastly with the intention of improving and promoting the technology. In addition to the founding members just a few weeks ago Microsoft, Google, Shopify, ARM, DFINITY Foundation, Embark Studios and University of San Diego joined the effort. Their aim is to make sure software remains fast, modular and most importantly secure.
Security is important
Microsoft is going all in with WebAssembly, their flagship SPA web framework Blazor literally depends on the continued success of Wasm. They understand that large modern applications consist dozens if not hundreds of libraries, after all why should developers try to re-invent the wheel. Leveraging third party libraries is nothing new, modern modular applications sometimes contain over 80% of code which originates from package registries like npn, PyPi and crate.io. However this means vulnerabilities in those libraries or packages are unfortunately inherited by your application.
This is one of the problems the Bytecode Alliance is aiming to solve. The idea is to design and build secure software by default. This is not an easy task, it requires massive coordination as the Wasm ecosystem grows, the more players which are aligned with this goal the better.
What are you thoughts on organizations like The Bytecode Alliance? Do you think they are effective in keeping technology and open source projects moving in the right direction? Check out the official announcement here and the organizations official page if you are interested in learning more information on their initiatives and goals.