Codasip is a founding member of the CHERI Alliance and one of the most active industrial players in the CHERI ecosystem. From the outset, Codasip has played an active role in CHERI Alliance activities—taking part in technical discussions, leading some working groups, contributing open-source software, supporting standardisation efforts, and helping bridge the gap between the CHERI research community and commercial deployment. Alongside this work, the company has invested in making CHERI tangible for the ecosystem, through commercially available CHERI‑RISC‑V IP and development platforms that allow partners to experiment, prototype, and build products.
We thought it would be valuable to sit down with Ron Black, CEO of Codasip, to talk about the most recent news, discuss why the company has committed so strongly to CHERI, what market signals are driving that focus, and how Codasip sees the CHERI ecosystem—and the CHERI Alliance—evolving in the years ahead. Here is what he told us:
Codasip is pivoting to fully focus on CHERI-based architectures. What was the market signal that convinced you this was the right time to make that shift?
“There has been interest from security experts in CHERI since its conception over a decade ago. Now, after the formation of the CHERI Alliance for standardisation and promotion, we have begun to see true market pull. Consequently, Codasip invested early to create commercially available CHERI-RISC-V processors with all the required base software, such as the operating systems, compilers, and debuggers, etc. Interest has increased further with our launch of these products, especially after we began offering our Codasip Prime FPGA development kit that allows hardware and software engineers to start their development with production level IP and software.”
You're expanding beyond CHERI processor IP licensing into CHERI SoCs and CHERI FPGAs, why?
“Simple reason really – many customers, especially in the defence and critical infrastructure segments, prefer to engage with us in physical products, so after several made the request, we just did what they asked.”
Which part of the CHERI ecosystem now matters most strategically — and why?
“Two actually. Application Software, but that won’t occur until the silicon and base software is completed. And standardization and regulation to ensure the ecosystem is aligned.”
In which verticals do you see CHERI delivering its first large-scale wins — and why?
“We see defence as being the first commercial adopter, which is not surprising given that DARPA funded the early research and proof of the technology. Mid-term it is a broad set of applications that fall into “Critical National Infrastructure or CNI” category. And clearly with all the gray-zone conflicts and state-sponsored cyberattacks, CNI is the real risk to every nation. The CHERI “pump” is being “primed”, and really all companies in all industries that care about their customers should have a CHERI programme in our opinion.”
How do you see accountability for security changing — who carries more responsibility, and who carries less?
“When speaking with non-technical people we frequently use the model of infectious disease, likening CHERI to a “cyber vaccine” for memory safety “cyber viruses.” With the exponential increase in CVEs, cyberattacks have gone from endemic to an epidemic, and are only going to get worse with AI.
As the primary goal of government is to protect its people, and government provides free vaccines during an epidemic to protect its citizens, it only makes sense that government takes a leadership role in ensuring cyber protection. Certainly the defence industry, which is funded by the government, sees that. It is not clear if governments are taking enough action, however, in CNI. In our opinion, more is needed now, before there is a major issue. I would really hate to be a government that did nothing to protect its citizens, when the “cyber vaccine” was already proven and ready for mass production. And the EU has now taken the step with its Cyber Resilience Act, or CRA, to ensure accountability by end system producers.
But whilst the product manufacturers are liable, they are dependent on the supply chain, where these requirements now need to be implemented.”
Nine months ago the board was exploring a sale. What's changed, and why should partners feel confident in Codasip's long-term stability?
“We recently announced a sale of the low-end of our product line, which is not CHERI enabled. The acquirer also took a broad license to Studio™, our processor design EDA tool. We can still use these processors in physical products (FPGAs and chips), and will CHERI enable them to do so, but we will not be focusing on licensing non-CHERI products, and most of our focus is now is on mid-range and high-performance out-of-order processors where there is more demand and value.”
What would success look like for Codasip in three years?
“A successful semiconductor company leading the way in resilient by design SoC solutions.”