• The "Akrites" vulnerability-mitigation project launches

    From LWN.net@618:250/24 to All on Sat Jun 27 06:40:09 2026
    The Linux Foundation, in a
    letter co-signed by a large range of organizations and companies, has
    announced the launch of "Akrites", a project to fast-track vulnerability
    fixes into projects.

    As Akrites works upstream to fix projects at the source, we commit
    to support downstream efforts to secure critical infrastructure
    before it can be exploited. When patches are released to the
    public, adversaries are able to utilize AI to rapidly reverse
    engineer the underlying vulnerabilities, develop exploits, and
    launch attacks. The success of our efforts therefore will be
    measured in patch deployment, not publication. We will partner with
    critical infrastructure owners and operators, civil society
    efforts, and governments as they increase coordination to achieve
    these goals.

    Confidentiality is non-negotiable: An undisclosed flaw in a widely
    deployed package is, in effect, a weapon, and the program is built
    first to prevent leaks. Fixes flow back into each project's own
    home, working with the maintainers. The engineering resources and
    other capabilities provided by Akrites participants contribute to
    this effort. Additionally, when a critical package has no one
    maintaining it, Akrites will stand as the maintainer of last resort
    so a fix can still reach everyone in a timely fashion. We will also
    align with government efforts so that public and private defenders
    move together, rather than in a disjointed fashion.

    https://lwn.net/Articles/1079657/
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)