Article 76K19 The "Akrites" vulnerability-mitigation project launches


by corbet from LWN.net on (#76K19)
The Linux Foundation, in a letter co-signed by a large range of organizations and companies, has announced the launch of "Akrites", a project to fast-track vulnerability fixes into projects.

As Akrites works upstream to fix projects at the source, we commit to support downstream efforts to secure critical infrastructure before it can be exploited. When patches are released to the public, adversaries are able to utilize AI to rapidly reverse engineer the underlying vulnerabilities, develop exploits, and launch attacks. The success of our efforts therefore will be measured in patch deployment, not publication. We will partner with critical infrastructure owners and operators, civil society efforts, and governments as they increase coordination to achieve these goals.

Confidentiality is non-negotiable: An undisclosed flaw in a widely deployed package is, in effect, a weapon, and the program is built first to prevent leaks. Fixes flow back into each project's own home, working with the maintainers. The engineering resources and other capabilities provided by Akrites participants contribute to this effort. Additionally, when a critical package has no one maintaining it, Akrites will stand as the maintainer of last resort so a fix can still reach everyone in a timely fashion. We will also align with government efforts so that public and private defenders move together, rather than in a disjointed fashion.
