A charitable foundation might be plausible to help companies secure their closed for-profit software but it doesn’t really have the same urgency for the fabric of the internet (or the same moral clarity)
Yet still important to be secured due to the impact vulnerabilities can have. And LLMs can work without source code access via utilizing things like debug symbols, disassembly, reverse engineering, etc.
>paid maintainers
Just like open source maintainers their time is already being spent on other things which they see as more important over making the project 100% security bug free. Just because they are being paid, that doesn't make security their number 1 priority.
Project Glasswing is already a thing, and the other labs have started their own initiatives too if they want to collaborate and work on securing closed-source software.
Again, your idea is noble but why should the Linux Foundation be saddled with it when those other options exist? OSS needs their focus as their mission outlines.
Many of the names on the list makes the initiative rather suspect. Companies who do a lot to undermine free and open-source software, who hide critical software behind their walls, preventing both its scrutiny and its adaptation and improvement, and two of the LLM giants - they'll "defend open source"? I don't know about that.
> Akrites gives critical infrastructure stakeholders a confidential, structured place to coordinate vulnerability discovery, remediation, and disclosure across the open source projects they depend on
So, a bunch of large corporations - some of who are known to be in bed with the US government - will share vulnerabilities among themselves, out of the public eye? Fishy.
All they're really missing is Oracle and Bambu Lab.
If it's sent to Akrites, they can even pretend it's done responsibly – even though only megacorps get a seat around that table.
Besides many of the companies on the list are suspext numero uno for the state of open source
Also not sure about saddling this Linux Foundation project with the corporate politics of navigating which closed-source software they will bless with subsidised/free labour? Their mission has been about open technologies.
Also I believe Google Chrome would have its OSS Chromium variant covered, no?
edit: disappointed with the downvote without dialogue at all. Wish you would engage in a conversation about the implications of this Linux Foundation project deviating from its "open technologies" mission statement and starting to deal with which closed-source tech its supposed to choose to prioritise, seems like a distraction for them.
dmitrygr•1h ago
Ambitious and interesting. I wonder how long this will last and on whose dime and time? Akrites employs no engineers, so who will make the fixes and who'll pay them?
npodbielski•1h ago
NSUserDefaults•36m ago
wwind123•6m ago