Tech Giants Launch Akrites Under Linux Foundation to Secure Open-Source Software

·1 views

Anthropic, Google, Microsoft, OpenAI, AWS, and 15 other organizations launched Akrites on Thursday under the Linux Foundation to address AI-era vulnerabilities in critical open-source software. The initiative establishes a shared Security Incident Response Team to replace the fragmented approach where multiple organizations independently scan the same libraries, file duplicate vulnerability reports, and overwhelm maintainers. Akrites enforces a patch-first, disclose-second policy, holding findings confidential until fixes are tested, and provides fallback maintainer coverage for unmaintained projects. The effort is funded by Alpha-Omega, an OpenSSF project with an annual budget exceeding $7 million backed by the founding members. The coalition was formed in response to AI tools dramatically accelerating vulnerability discovery, with Endor Labs CEO Varun Badhwar noting thousands of AI-surfaced open-source flaws in recent months, fewer than 5% of which have been patched.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Seven Concrete Ways AI Is Reshaping Software and Work Beyond Basic Chatbots

A DEV Community article outlines seven emerging shifts in how AI is being integrated into software and work, moving beyond simply enhancing existing tools. The piece argues that AI is evolving from a conversational assistant into an operator-style system capable of using tools, memory, and defined boundaries to complete tasks. Software interfaces are being redesigned to expose actions and context directly to AI agents, not just human users. Human roles are shifting toward defining intent, constraints, and review standards, while agents handle implementation. Across areas like productivity, learning, and web services, the underlying pattern is AI enabling human-directed systems with built-in context, evidence, and accountability.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How to Choose the Right Monitoring Tool for Your React App

React applications face silent failures — from race conditions to null check errors — that often go undetected until users report them, making monitoring essential for production apps. Monitoring broadly falls into three categories: error tracking, performance monitoring, and session replay, each answering a distinct question about app health. A practical comparison of seven popular tools — including Sentry, LogRocket, Datadog, New Relic, Bugsnag, and FullStory — highlights their strengths based on team size and use case. Sentry is recommended as a strong default for most React and Next.js projects, offering all three monitoring categories under one SDK with a free tier covering 5,000 errors per month. Choosing the wrong tool can waste both setup time and budget, making a clear decision framework critical before committing to any solution.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Freelancer Shares Proposal Strategy Behind 95% Upwork Bid Win Rate

A freelancer claims to have achieved a 95% bid win rate on Upwork across hundreds of proposals by making one key change in approach. Instead of leading with personal credentials and process lists, the strategy focuses on diagnosing the client's specific problem using details from their own job post. The method involves naming the likely root cause, hinting at a solution, and closing with a targeted question rather than a generic sign-off. The author argues that listing steps or deliverables positions a freelancer as a service provider, while demonstrating problem insight signals expertise. To apply the framework at scale, the author built an AI tool called AI Proposer that structures proposals accordingly and flags common mistakes before submission.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How Checkov Helps Developers Catch Insecure Terraform Configs Before Deployment

Infrastructure as Code tools like Terraform can produce valid configurations that are nonetheless insecure, since misconfigurations such as public storage buckets or missing encryption do not prevent successful deployment. Checkov is an open-source static analysis tool designed to scan Terraform and other IaC files for cloud misconfigurations and policy violations before any resources are created. Unlike application bugs that cause crashes or errors, infrastructure security flaws often go unnoticed while quietly exposing systems to risk. Checkov fits into both local development workflows and CI/CD pipelines, enabling teams to catch problems early as part of a shift-left security approach. This makes it a practical option not just for security specialists but also for developers seeking to build safer cloud environments from the start.

0 comments Read more at DEV Community