Hasty Briefs

Patch the Planet: a Daybreak initiative to support open source maintainers

7 hours ago
  • #open-source security
  • #AI-assisted vulnerability patching
  • #maintainer support
  • Daybreak introduces Patch the Planet, an initiative with Trail of Bits to support open-source maintainers by combining AI-assisted security research and expert human review to identify and patch vulnerabilities.
  • The program aims to reduce the burden on maintainers by having security engineers review findings before they reach them, develop patches and tests, and create reusable workflows for ongoing security improvement.
  • Initial projects include cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, Go, freenginx, Python, and python.org, covering networking, cryptography, software supply chain, and language infrastructure.
  • Trail of Bits uses AI models such as GPT-5.5-Cyber and Codex Security for analysis, patch development, and testing, and provides participants with tools such as ChatGPT Pro and API credits.
  • Achievements so far include building fuzzing labs in under a day, creating pipelines for finding variants of known vulnerabilities, and implementing differential testing that compresses work that previously took weeks into days.
  • Security engineers manually review all findings before submission to maintainers, ensuring quality control and reducing false positives, with maintainers retaining control over patches and disclosure.
  • Examples of vulnerabilities found span multiple systems, including Linux Kernel, OpenBSD, FreeBSD, dnsmasq, HTTP/2 implementations, Chrome, Safari, and Firefox, demonstrating broad impact.
  • Patch the Planet emphasizes collaboration among maintainers, security engineers, and AI workflows to deliver immediate fixes, enhanced project infrastructure, and reusable security tools for long-term improvement.