惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
T
Tenable Blog
D
DataBreaches.Net
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
腾讯CDC
V
Visual Studio Blog
B
Blog
雷峰网
雷峰网
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
I
InfoQ
M
MIT News - Artificial intelligence
有赞技术团队
有赞技术团队
T
Tailwind CSS Blog
The Cloudflare Blog
L
LangChain Blog
MongoDB | Blog
MongoDB | Blog
Vercel News
Vercel News
Cloudbric
Cloudbric
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
T
The Exploit Database - CXSecurity.com
Google DeepMind News
Google DeepMind News
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Attack and Defense Labs
Attack and Defense Labs
Martin Fowler
Martin Fowler
SecWiki News
SecWiki News
T
Threat Research - Cisco Blogs
J
Java Code Geeks
Cyberwarzone
Cyberwarzone
Forbes - Security
Forbes - Security
Spread Privacy
Spread Privacy
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
O
OpenAI News
D
Darknet – Hacking Tools, Hacker News & Cyber Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Schneier on Security
Schneier on Security
S
Security @ Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
H
Help Net Security
Y
Y Combinator Blog
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tor Project blog
量子位
U
Unit 42
S
SegmentFault 最新的问题
V
V2EX
D
Docker

RapidFort Blog

How to Use RapidFort’s Curated Distroless Language Images Introducing a Bazel Ruleset for RapidFort’s deb-based Images DORA Is Not About Compliance. It Is About Resilience. Risk Over Compliance: What CISA RapidFort Test Blog Blog 4 Test Test Blog 3 Test 2 Mythos Vulnerability Assessment: Eliminate Real Risk, Not Just CVEs Securing Modern AI Workloads for National Security RBOM vs SBOM: The Critical Difference Between Software Inventory and Runtime Reality The Remediation Gap: When AI-Powered Discovery Outpaces Human Defense You Only Control 15% of Your Software. Here's How to Secure the Rest. Free ATO Readiness Cohort: Shorten Your Path to Federal Market US Cyber Strategy & Software Supply Chain Security EU CRA for Containers & Kubernetes: Scope, Deadlines & Steps PyPI, npm, and the New Frontline of Software Supply Chain Attacks GitHub Actions Security Audit: CI/CD Risk & Shell Injection What Is RBOM™? Runtime Bill of Materials vs SBOM Explained EU Cyber Resilience Act & Open Source Risk RapidFort Raises $42M Series A for Software Supply Chain Security Fintech Container Security 2026: SASM & RBOM™ RF Analyzer: Precision Container CVE Intelligence Kimia: Secure Kaniko Alternative for Kubernetes Builds AI-Powered Cyberattacks: How Defenders Must Adapt RapidFort Pioneered DoD Container Hardening | Industry Standard Turn Scanner Output into Verified CVE Elimination RapidFort's Giant Washing Machine: Cleaning Open Source at Scale Why SBOMs Fail: RBOM™ & Near-Zero CVE Images Fix the Gap Defeat NPM Supply Chain Worms: Near-Zero CVE Defense Bitnami & Chainguard Alternatives: Free Near-Zero CVE Images Runtime Profiling: Eliminate up to 99.9% of Container CVEs Flow Defending: AI-Speed Container Hardening & Runtime Visibility AI in Software Supply Chain Security: Defense vs Attackers SBOM vs RBOM™: Why Runtime Bill of Materials Wins AI-Powered Container Stack: Built, Hardened & Defended AI-Generated Code Vulnerabilities: Runtime Defense for Containers Container Vulnerability Management Reimagined | RBOM™ 35,000+ Near-Zero CVE Images: FIPS, STIG & AI-Era Standard RBOM™ Runtime Intelligence: Cut CVE Noise & Improve Accuracy EU Vulnerability Database (EUVD): Impact on CVE Management Critical Infrastructure Cyber Resilience: Near-Zero CVE DoD Software Procurement: SWIFT, cATO & Container Security Stop Fixing CVEs One by One: Eliminate up to 99.9% Before Production Break the Patch-and-Pray Cycle: Proactive CVE Management Beyond FedRAMP Checklists: Continuous CVE Elimination Why RapidFort Outperforms the Competition: The Future of Secure Containers FedRAMP Fast-Track: Near-Zero CVE Images & Zero Patching Hidden Costs of Manual CVE Elimination | Automate with RapidFort PCI DSS, SOC 2, FedRAMP & HIPAA Compliance via CVE Elimination Emerging Cyber Threats 2024: Protect Containers with RapidFort Container Supply Chain Security: From Source to Deployment Build a Robust Security Stack with RapidFort's SASM Platform Securing Containerized Environments: Best Practices Identify & Eliminate Common App Vulnerabilities in 3 Steps Near-Zero CVE Blueprint: Securing Your Software Supply Chain Eliminate up to 99.9% of Container CVEs in 3 Steps | No Code Changes DoD Innovation: SpaceWERX, AFWERX & Defense Tech Firsthand Developer Security Training Do's & Don'ts Top 5 Software Security Myths Debunked AI-Generated Code Security Risks: CEO Insights Using AI in Software Development: Security Tips & Considerations RapidFort Wins Intellyx Digital Innovator Award | Runtime Security 3 Tips to Conquer CVE Alert Fatigue Mature DevSecOps Teams: Key Traits & Security Best Practices Top 3 Software Security Trends 2024: AI, Compliance & SASM Software Security Budgeting 2024: Eliminate CVEs by up to 99.9% & Measure ROI RapidFort 2023 Year in Review: Milestones & Container Security Wins OSS Vulnerability Scanning & Container Hardening RapidFort Joins Microsoft Pegasus Program | Container Security Runtime Container Protection: 90% Attack Surface Reduction Black Hat USA 2023: AI, CISO Trends & Cybersecurity Insights SOC 2 Type 2 Compliance for Container Security RapidFort Achieves SOC 2 Type 2 | Enterprise Security Validated Common Container Security Risks & How to Fix Them 6 Steps to Securing Your Software Supply Chain Harden Containers with Coverage Scripts & RBOM™ Profiling Container Vulnerability Management Best Practices Minimize Software Attack Surface | RBOM™-Powered SASM Docker Container Security Best Practices 2023 | Harden & Scan What Is Container Hardening? Reduce CVEs & Meet Compliance | Guide Securing Popular Docker Containers: Up to 80% Attack Surface Cut How RapidFort Secures Its Own Containers | Dogfooding DevSecOps Why Container Security Tools Fail: Scan vs Eliminate Hidden OSS Trade-Offs: Container Bloat, CVEs & Security Debt OSS Patch Management: Eliminate Container Bloat & CVEs OpenSSL Vulnerability: Scan, Harden & Reduce Risk in Containers Harden Hundreds of Containers Today for Free Customs Bridge Automates CVE Elimination with RapidFort SAST vs DAST vs IAST: Limitations for Container OSS Security Delete 78% of Your Redis Container - It Still Works 100% Free Tool: Copy AMIs to AWS GovCloud Fast | Open-Source Script Stop Chasing CVEs: Smarter Container Test Cycles Why CVSS Severity Alone Fails: Use Exploit Probability The Limits of Shift Left: How Software Optimization Fills the Gap Software Supply Chain Security with SCA Scanning What Is Software Supply Chain Risk? Causes & How to Mitigate It Reduce Container Bloat: Remove Unused Components & Cut CVEs What Is Software Optimization? RBOM™ vs SBOM Explained Log4j Response: Harden Containers Now Before the Next Patch
RapidFort Joins Akrites: A Coordinated Response to the Open-Source Vulnerability Crisis
RapidFort · 2026-06-26 · via RapidFort Blog

The open-source software that powers the world's banks, hospitals, power grids, and AI platforms is facing a fundamentally new kind of threat. Today, we are proud to announce that RapidFort is a founding member of one of the most significant coordinated responses to that threat in the history of software security.

RapidFort is a charter member of Akrites, an initiative launched by the Linux Foundation, alongside AWS, Anthropic, Cisco, GitHub, Google, Microsoft, OpenAI, JPMorgan Chase, and others. Together, we are committing to finding, fixing, and responsibly disclosing vulnerabilities in the critical open-source software the world depends on.

Charter members

RapidFort Linux Foundation AWS Anthropic Cisco GitHub Google Microsoft OpenAI JPMorgan Chase

Why This Moment Is Different

What is happening now is not an incremental change. It is a revolutionary leap.

For decades, open source software has been one of the defining achievements of the technology industry. Built together, shared freely, and woven into the foundation of nearly every system that runs modern society. Approximately 85% of enterprise software today is open source, meaning the majority of software risk lies outside any single organization's direct control.

For most of that time, finding a serious vulnerability in a widely used open source project required expert-level skill and weeks of focused effort. That reality has collapsed. Frontier AI models can now scan a major open-source project and surface multiple vulnerabilities including chained impacts in a single pass within minutes. The same capability that can accelerate defense can, in the wrong hands, industrialize attack at a scale and speed no team of human researchers could match.

Disclosure-to-exploit windows have compressed from 24 months a decade ago to less than 10 hours today

The numbers tell the story. Disclosure-to-exploit windows have compressed from 24 months a decade ago to less than 10 hours today. Enterprise remediation cycles still take weeks, if they happen at all. This is not a theoretical future risk. It is the present condition of every system we are responsible for.

What Is Akrites?

Akrites is a coordinated and collaborative initiative to remediate and responsibly disclose vulnerabilities in critical open-source software that global infrastructure depends on.

The core problem Akrites solves is fragmentation. In the past, security response involved a patchwork of organizations often working on the same problems independently, sometimes shipping conflicting patches, and frequently burying maintainers under duplicate reports. When dozens of companies independently scan the same library and each files a report, the maintainer on the other end gets buried in noise. Every additional party holding an unpatched vulnerability raises the odds that it leaks before a fix exists, which increases risk for everyone.

Akrites changes that model through four commitments.

The Four Commitments

01

Shared Security Incident Response Team

A single, shared SIRT gives maintainers one predictable, trusted partner instead of a flood of uncoordinated reports.

02

Standardized Coordinated Vulnerability Disclosure

A CVD process built on confidentiality-first principles and established industry tooling, including CVE, TLP, CWE, CVSS, EPSS, SSVC, and VEX.

03

Fixes flow upstream

Fixes flow back upstream into each project's original home, on maintainers' terms.

04

Maintainer of last resort

Where a critical package has no active maintainer, Akrites will serve as the maintainer of last resort so fixes reach everyone in a timely fashion.

Key Principle

Success is measured in patch deployment, not patch publication.

When a patch is released publicly, adversaries can use AI to rapidly reverse-engineer the underlying vulnerability, develop exploits, and launch attacks. Getting fixes into real systems before that window opens is the actual goal.

Alpha-Omega, a directed fund of the Linux Foundation, will provide seed funding to support the initiative. Organizations that contribute engineering resources or funding are invited to participate at akrites.org.

Why We Are Part of This

RapidFort was built on the conviction that Software Supply Chain Security has to be solved at the source. Akrites is a direct expression of that same conviction applied at an industry level.

As our CEO, Mehran Farimani, wrote in the founding open letter:

"Open source only works when we keep the work open, upstream, and available to everyone who depends on it. The answer to the AI-driven vulnerability crisis is not to fragment the ecosystem behind proprietary walls or turn community foundations into closed products. It must be coordinated remediation that preserves the integrity of original software, works with maintainers, and returns fixes to the commons."

Mehran Farimani, CEO, RapidFort

This is the principle that shapes everything RapidFort builds.

RapidFort is designed around a single premise: the only scalable solution to software supply chain risk is to eliminate attack vectors before they reach production, not manage them afterward. Our approach of continuous threat elimination removes vulnerabilities at the source, across the entire software lifecycle, without requiring code changes. Organizations using RapidFort can achieve up to 99.9% reduction in vulnerabilities within hours and up to 90% reduction in software attack surface.

The two approaches are genuinely complementary

Akrites: upstream

A single, shared SIRT gives maintainers one predictable, trusted partner

Fixes flow back upstream into each project's original home, on maintainers' terms

Maintainer of last resort where a critical package has no active maintainer

Success measured in patch deployment, not patch publication

RapidFort: enterprise stack

Eliminates attack vectors before they reach production

Continuous threat elimination without code changes

Up to 99.9% reduction in vulnerabilities within hours

Up to 90% reduction in software attack surface

Akrites operates upstream: getting ahead of the vulnerability cycle at the source by working with the maintainers who own the code before those vulnerabilities propagate into production systems everywhere. The two approaches are genuinely complementary. One secures the commons while the other secures the enterprise stack built on top of it.

What This Means for the Industry

One part of this initiative deserves particular attention because it speaks to something the industry has long owed open-source maintainers.

Open source maintainers have, for years, absorbed the accelerating volume of security work that was never part of original expectations. Often, volunteers have been expected to independently process floods of uncoordinated reports from dozens of organizations, with no prioritization, no consistent support, and no acknowledgment of the burden placed on them. That model was fragile before AI changed the discovery equation. It is simply no longer viable in the age of AI.

Akrites is, at its core, an acknowledgment of that debt and a commitment to repay it through coordinated, funded upstream support. Founding members are contributing engineering talent, security expertise, and funding to harden the shared software we all depend on.

The initiative also commits to coordinating with government efforts so that public and private defenders move together rather than in a disjointed fashion. Getting fixes into real systems before adversaries can exploit disclosures requires that kind of alignment across the full ecosystem.

The Window Is Open Now

The founding Akrites letter closes with a warning worth repeating: the window to get ahead of the new open-source security reality is now open, but it will not stay open.

AI has changed the math on both sides of the equation simultaneously. It has accelerated discovery for attackers while making coordinated upstream defense possible for defenders willing to act together rather than in silos. Businesses and organizations that move now have the opportunity to build something that genuinely gets ahead of the threat cycle rather than perpetually chasing it.

We are proud to be part of that effort and we believe the best version of this outcome is one in which the open-source ecosystem remains authentically open, upstream, and available to everyone who depends on it.

That is worth defending together.

RF

RapidFort

Leader in Software Supply Chain Security

RapidFort is the leader in Software Supply Chain Security, enabling organizations to eliminate risk across their software stack at scale. Its platform combines curated near-zero CVE container images, runtime profiling, and attack surface management to remove up to 99.9% of vulnerabilities within hours and reduce the attack surface by up to 90% without code changes. RapidFort is included in the inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security, a Gartner® Cool Vendor™, and a Nutanix .Next Partner of the Year.

Read the Open Letter

The founding signatories of Akrites published a joint open letter to the technology industry titled "We All Depend on Open Source. We Will Defend It Together." It is a direct, plainspoken statement of why this effort exists and what the undersigned are committing to.

Read the full letter

To learn more about Akrites or to join the initiative, visit https://akrites.org.

To learn how RapidFort helps organizations eliminate software supply chain risk at the enterprise level, visit www.RapidFort.com.

References: Akrites founding open letter, Linux Foundation (2026). akrites.org.