News: 0001643219


Linux Foundation & Others Launch "Akrites" To Defend Open-Source Software From AI-Enabled Exploits

([AI] 52 Minutes Ago Akrites)


The Linux Foundation, along with Amazon, Anthropic, OpenAI, NVIDIA, Microsoft, Red Hat, and others, has joined forces to launch Akrites. The Akrites project aims to help defend critical open-source software against the brisk pace of new AI/LLM-discovered software bugs and vulnerabilities by ensuring that these issues are effectively addressed before they can be exploited by bad actors.

Given the wild pace of new security-related bug discoveries being made these days by large language models, Akrites is an industry-wide effort to help ensure that issues in critical open-source software are mitigated and that the software is secured in a timely manner. The initial backers of Akrites include Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone and Zscaler.

On what Akrites is establishing:

"Akrites establishes a shared Security Incident Response Team (SIRT) and a single, standardized Coordinated Vulnerability Disclosure (CVD) process, built on confidentiality-first principles and industry-standard tooling.

...

Confidentiality is central to the effort. Bug fixes flow back into each project’s original home, on maintainers’ terms. Where a critical package has no active maintainer, Akrites will serve as maintainer of last resort so fixes to the latest version reach everyone in a timely fashion. The initiative will also coordinate with government efforts so public and private defenders move together."

More details can be found via today's launch [1]press release.

General information on the Akrites project and other details are available via the new project site at [2]Akrites.org.



[1] https://akrites.org/linux-foundation-and-industry-leaders-launch-akrites-to-defend-critical-open-source-software-against-ai-enabled-cyber-threats/

[2] https://akrites.org/


