Linux Foundation Launches the Open Robust Compartmentalization Alliance (ORCA) to Advance Software Security

New foundation will help protect critical digital infrastructure by improving how software vulnerabilities are contained

• The Linux Foundation has launched the Open Robust Compartmentalization Alliance (ORCA), a new foundation focused on improving software resilience by breaking software into secure, isolated parts to stop attackers in their tracks.
• The first-of-its-kind global coalition, ORCA addresses the growing impact of cyber threats by fostering cross-industry collaboration to reduce single faults and failures in software systems.
• This initiative aligns a broad range of stakeholders, including hardware vendors, OS developers, programming language communities, research organizations, and cloud providers.
• A community kickoff meeting will be held in the coming weeks and additional information and community details are available at https://orca-lf.org/.

SAN FRANCISCO, November 24, 2025 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the formation of the Open Robust Compartmentalization Alliance (ORCA). ORCA brings together leading universities, technology companies, and research institutions to improve the resiliency and efficiency of software systems through practical, cost-preventative approaches to software compartmentalization.

ORCA was created to promote more secure, fault-tolerant systems. The alliance will serve as a neutral home for collaboration on software compartmentalization, fostering cross-domain knowledge sharing, adoption of best practices, and collective advancement of technologies that limit the impact of individual software faults and security vulnerabilities.

“As automated and AI-driven attacks continue to expand, software security can no longer rely solely on patching vulnerabilities after the fact,” said Mike Dolan, SVP of Legal and Strategic Programs at the Linux Foundation. “ORCA introduces a forward-looking model – one that breaks software into isolated, resilient parts designed to contain threats before they spread. This community represents an important step toward the next generation of secure, reliable open source infrastructure.”

The formation of ORCA comes at a time when the volume and sophistication of cyber attacks are accelerating, reaching a pace that human defenders often cannot match. The growing use of AI by malicious actors further advances the need for defensive measures that both identify compromise and work to contain its effects. ORCA addresses this gap by facilitating solutions that minimize the consequences of security bugs and resulting costs, rather than solely reducing their occurrence.

Participants span dozens of organizations from academia, industry, and government. ORCA invites all interested contributors, from chipmakers to cloud vendors, to engage in its mission. A community kickoff meeting will be held in the coming weeks to showcase early use cases, and advance the field of software compartmentalization.

To learn more about ORCA or to participate in the community, visit https://orca-lf.org/ and join the community on Slack.

Supporting Quotes

“It is an unfortunate reality that a flaw in a library used by an application can cause a compromise of that entire application and escalate into further damage by a skilled attacker.  Attackers are using every trick they can think of to exploit and escalate.  ORCA is a focal point for a combined effort across the full software and hardware stack to fight back by limiting the impact of a successful attack”

–Justin Cappos, Professor in the Computer Science and Engineering department at New York University Tandon School of Engineering

“The future of computing lies in trustworthy systems that can recover, adapt, and continue to serve even when parts fail. ORCA bridges research and practice to strengthen the resilience of operating systems in the era of AI. It transforms compartmentalization from a concept into a foundation for safe computing used pervasively across industry.” 

–Xiaoyi Lu, Associate Professor in the Department of Computer Science and Engineering at the University of California, Merced

"ORCA represents a crucial step toward making compartmentalization a practical, open, and standardized foundation for software systems. By bringing together researchers, vendors, and open-source projects, it turns isolation research into deployable reality. Our goal is to develop general and widely usable solutions that make robust security available to everyone.”

–Alex Voulimeneas, Assistant Professor in the Cyber Security Group, Delft University of Technology

"Compartmentalization is one of the best ways to build trustworthy and resilient software. We need initiatives like ORCA to produce industry standards and foster the adoption of compartmentalization across the industry."

–Hugo Lefeuvre, Postdoctoral Research Fellow, University of British Columbia

"Typical businesses and governments are supported by multiple applications supplied by multiple vendors. Compartmentalization techniques can also help prevent undesirable interactions among these systems.”

–Glenn Ricart, CTO of national nonprofit US Ignite

•  

• Media Contact

• Grace Lucier

• The Linux Foundation

• pr@linuxfoundation.org