The Linux Foundation has launched the Acrithes initiative to efficiently address vulnerabilities in the open-source software ecosystem, SecurityWeek reported on June 26 (local time).
Acrithes focuses on responding to vulnerabilities in open-source software by not immediately disclosing them, but first creating a patch and then making the issue public. Participants include Anthropic, AWS, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorgan Chase, Microsoft and GitHub, Nvidia, OpenAI, RapidFort, Red Hat, the Rust Foundation, Sonatype, Vodafone and Zscaler. Initial funding will be provided by the Linux Foundation's Alpha-Omega Directed Fund.
The core of Acrithes is distributing patches before vulnerabilities are disclosed. It is a move that reflects a situation in which the time gap between vulnerability disclosure and real-world attacks is narrowing as AI-driven cyberattacks increase. The Linux Foundation said, "When patches are made public, attackers quickly reverse engineer them with AI to develop exploits and carry out attacks," adding that "Acrithes' results will be measured by patch distribution, not postings."
Chi-gyu Hwang
delight@d-today.co.kr