What question did this study set out to answer?

The research aims to improve program verification to create reliable and secure software for communication protocols.

April 12, 2026

Project Everest: Perspectives from Developing Industrial-Grade High-Assurance Software

Key Points

The research aims to improve program verification to create reliable and secure software for communication protocols.
Collaboration between Microsoft Research, INRIA, and Carnegie Mellon University.
Focus on creating drop-in verified replacements for existing secure communications software.
Reflective analysis on the project’s successes and failures over nearly a decade.
Development of industrial-grade verified software components for the HTTPS ecosystem.
Identification of challenges faced in program verification and secure software production.
Insights for future directions in program verification research.

Abstract

Project Everest began at Microsoft Research in 2016, aiming to spur research in program verification to produce industrial-grade software. In collaboration with INRIA and Carnegie Mellon University, Project Everest's goal was to produce drop-in verified replacements of secure communications software used in the HTTPS ecosystem, including TLS, the underlying cryptography, and related subprotocols. Now, almost a decade later, we reflect on the project, sharing both its successes and failures, and look ahead to the next decade of program verification research.

Project Everest: Perspectives from Developing Industrial-Grade High-Assurance Software

Key Points

Abstract

Cite This Study