The Linux Foundation has announced the Akrites project — a collaborative effort formed to remediate vulnerabilities in critical open source software, such as used in banks, hospitals, power grids, telecoms, and more.
Specifically, the initiative establishes “a shared Security Incident Response Team (SIRT) and a single, standardized Coordinated Vulnerability Disclosure (CVD) process.” It aims to provide “a single, trusted place to coordinate, remediate and disclose, with a shared SIRT serving as a predictable partner for maintainers rather than a flood of uncoordinated reports,” the announcement says.
“As Akrites works upstream to fix projects at the source, we commit to support downstream efforts to secure critical infrastructure before it can be exploited,” the Akrites team explains in an open letter on the website. “When patches are released to the public, adversaries are able to utilize AI to rapidly reverse engineer the underlying vulnerabilities, develop exploits, and launch attacks. The success of our efforts therefore will be measured in patch deployment, not publication.”
The project is backed by companies including Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler.
Organizations can participate and learn more at Akrites.