Open Source Database Aims to Shine Light on Hidden Crypto Risks in Software Supply Chain

SandboxAQ’s new public database, OpenCryptography.com, promises to map cryptographic weaknesses across the software ecosystem, boosting transparency and aiding organizations in fortifying defenses against growing threats.

Palo Alto, CA – October 30, 2025 – In a move hailed by security experts, SandboxAQ today launched OpenCryptography.com, a free, publicly accessible database designed to map cryptographic assets and vulnerabilities within the global software supply chain. The initiative addresses a critical need for transparency in an increasingly complex digital landscape, offering organizations a tool to proactively identify and mitigate potential cryptographic weaknesses.

For years, the ‘black box’ nature of cryptography – the art and science of secure communication – has presented a significant challenge for security professionals. Determining the strength and configuration of cryptographic protocols embedded within software can be a laborious and often opaque process. OpenCryptography.com aims to change that, providing a centralized resource to understand the cryptographic foundations of widely used software components.

“The current state of affairs is unacceptable,” says a representative from SandboxAQ. “Cryptography shouldn’t be a mystery. It’s the bedrock of digital trust, and we can’t secure what we can’t see.”

Mapping the Cryptographic Landscape

The database currently boasts nearly one billion entries, initially focused on open-source Docker containers – a popular format for packaging and distributing applications. SandboxAQ plans to expand coverage to other software formats and ecosystems in the coming months. The database maps cryptographic algorithms, protocols, and configurations, identifying potential weaknesses and vulnerabilities that could be exploited by attackers.

“It’s like having a detailed map of the cryptographic dependencies within your software,” explains a cybersecurity analyst who reviewed the database prior to launch. “This allows you to quickly identify areas of concern and prioritize remediation efforts.”

A Response to Growing Threats

The launch of OpenCryptography.com comes at a time of heightened concern about software supply chain attacks. Recent high-profile incidents have demonstrated the devastating consequences of compromised software components. The SolarWinds hack, for example, exposed vulnerabilities in widely used network management software, impacting thousands of organizations.

The database addresses a critical gap in current security practices. Traditionally, organizations have relied on vulnerability scanners to identify known weaknesses in software. However, these tools often struggle to detect subtle cryptographic vulnerabilities that are not publicly documented.

“Vulnerability scanners are good at finding known problems, but they can miss things lurking beneath the surface,” says another security expert. “OpenCryptography.com provides a deeper level of visibility into the cryptographic foundations of software, allowing you to uncover hidden vulnerabilities before they can be exploited.”

Preparing for the Quantum Era

The looming threat of quantum computing is also driving the need for greater cryptographic transparency. Quantum computers, if fully realized, could break many of the encryption algorithms that currently secure our digital communications. This is prompting a global effort to develop post-quantum cryptography (PQC) – encryption algorithms that are resistant to attacks from quantum computers.

“The transition to post-quantum cryptography is a massive undertaking,” says a representative from the National Institute of Standards and Technology (NIST). “It requires organizations to identify and replace vulnerable encryption algorithms with quantum-resistant alternatives. Tools like OpenCryptography.com can help organizations assess their current cryptographic posture and prioritize the migration to PQC.”

The database allows users to identify which software components are using vulnerable encryption algorithms and provides information on available PQC alternatives.

Open Source Approach Fosters Collaboration

SandboxAQ’s decision to make OpenCryptography.com publicly available is a testament to the power of open source collaboration. By sharing the database with the security community, SandboxAQ is encouraging researchers and developers to contribute to its ongoing development and improvement.

“Open source is a game changer,” says a security researcher. “It allows for collective intelligence and rapid innovation. By making the database publicly available, SandboxAQ is leveraging the collective expertise of the security community to build a more secure digital world.”

The database’s open source nature also promotes transparency and accountability, allowing the security community to verify its accuracy and identify potential biases.

Challenges and Future Directions

While OpenCryptography.com represents a significant step forward in cryptographic transparency, challenges remain. Maintaining the accuracy and completeness of the database will require ongoing effort. The rapidly evolving landscape of cryptography also means that the database will need to be continuously updated to reflect new algorithms, protocols, and vulnerabilities.

SandboxAQ plans to expand the database’s coverage to include more software formats and ecosystems, and to add features such as automated vulnerability analysis and remediation recommendations. The company is also exploring the possibility of integrating the database with existing security tools and platforms.

“This is just the beginning,” says a representative from SandboxAQ. “We believe that OpenCryptography.com has the potential to fundamentally change the way we approach cryptographic security. By fostering transparency and collaboration, we can build a more secure and resilient digital world for everyone.”

The database can be accessed at https://www.opencryptography.com. Security professionals are encouraged to explore the database and contribute to its ongoing development.