Akrites: Coordinated, confidential vulnerability remediation for open source critical infrastructure
Summary
The Akrites initiative, backed by The Linux Foundation, introduces a shared Security Incident Response Team to coordinate vulnerability discovery, triage, remediation, and synchronized disclosure across open source projects. It uses established standards (CVE, TLP, CWE, CVSS, EPSS, SSVC, VEX, VINCE) and aims to reduce duplication, avoid disclosure races, and protect critical infrastructure. The article discusses intake, deduplication, remediation, and embargo handling, plus membership tiers and confidentiality practices.