Company Performance Metrics
Akrites operates a shared security incident response program focused on securing critical open source software that underpins essential systems. The initiative provides a single, standardized coordinated vulnerability disclosure process run by a centralized Security Incident Response Team. Akrites offers confidential intake, validation, and
deduplication of vulnerability reports for projects relied on by critical infrastructure operators and their vendors. It coordinates remediation with upstream maintainers, assists with patch creation and testing, and manages synchronized disclosure. The program uses industry standards such as CVE, TLP, CWE, CVSS, EPSS, SSVC, VEX, and tools like VINCE to structure its workflows. Akrites also serves as a coordination facility for member organizations that contribute engineering resources or funding to strengthen the open source security ecosystem.