Most of Ledger’s products are already open source, with many developers contributing to Ledger Live, Ledger devices, and more. Together, we have built over 150 open-source apps that run on the different Ledger devices, on top of our OS and the Secure Element; integrating into our stack and building an embedded application is easy.
The following components of our OS code are available for review:
- Our cryptography library
- Cryptography library documentation
- OS commands dispatcher
- Entry points of Ledger Recover implementation
We’ll gradually make more of our OS components available for review and verifiability, and we plan to refactor the code so that the chip-specific, NDA-covered characteristics are abstracted away from our OS.
In addition, Donjon, our team of world-class security experts, runs a bug bounty program to reward researchers who responsibly disclose vulnerabilities. Providing more OS components for review helps external security researchers audit our products. The resulting research work will be publicly documented.
Why we cannot open source our Secure Element
Making more of our source code components available, reviewable, and auditable has always been at the core of our roadmap, and we emphasize the importance of accelerating our initiative to bring greater verifiability to everything we do at Ledger.
Ledger devices use smartcard chips called Secure Elements (SE): advanced technology that implements several hardware countermeasures against attacks, even by an attacker with physical access to the device.
As part of their security capabilities, Secure Elements allow businesses to implement a robust root of trust through this protection and prove that their products are genuine and not tampered with, including in complex supply chain environments.
The full range of an SE's security capabilities is part of the manufacturer's Intellectual Property (IP) and is not accessible to third parties. Companies such as Ledger that work with this type of hardware must sign a Non-Disclosure Agreement (NDA) that prevents them from revealing confidential and security-sensitive information. This is the primary reason why Ledger is unable to disclose its entire OS source code.
Here at Ledger, we strongly believe in an open source and verifiable code approach: a philosophy of openness, transparency and verifiability, which are among our core values.
That's why we're constantly working towards making source code components available, reviewable, and auditable.