Private-response landscape · Comparison sheet
Four open-source-specific coordinated security initiatives launched in a five-week span — what they do, how they're built, and who gets protected first.
This comparison is drawn from each initiative's own published material; figures and claims are as the initiatives describe them and are not independently verified.
The shape of the field
Does the body do the work (find and fix bugs itself) or coordinate the work (pool findings from others)? And is it commercial (fixes gated to paying members first) or non-profit (fixes reach everyone at disclosure)? The commercial axis is also the embargo axis — pre-disclosure two-tier access falls out of it automatically.
$5bn subscription clearinghouse. Finds + fixes; sells validated patches.
Vertically-integrated coalition. Members get private hardened builds before disclosure.
Free hands-on engagement. Finds, patches, merges upstream — public from the start.
Neutral coalition. Shared SIRT, single CVD; one embargo for everyone.
Table 1
The clearinghouse function chain, from finding a bug to getting the fix home. core marks each body's primary function.
| Service | Lightwell | Patch the Planet | Akrites | Athena |
|---|---|---|---|---|
| Discovery — finds bugs itself | Yes (own AI + engineers) | Yes core | No — ingests from Finders | No — ingests from finders |
| Triage / dedup / enrich | Yes | Yes (+ HackerOne, Calif) | Yes core | Yes core (publishes OSV feed) |
| Remediation — produces the patch | Yes core | Yes core (writes, tests, merges) | Yes (coalition engineers) | Yes (private hardened rebuilds) |
| Non-patch mitigation — network / platform / detection | Yes (via Palo Alto Networks, Jun 2026) | No | No | Yes core (network, platform, vendor) |
| Coordinated disclosure | Yes (coordinates upstream) | Yes (via HackerOne, Calif) | Yes core (single CVD) | Yes (hopes to hand SIRT to LF) |
| Maintainer of last resort | No (explicit) | No | Yes | Yes |
| Fix distribution channel | Commercial subscription | Upstream merge (free, public) | Published to namespace at disclosure | Chainguard Libraries (commercial) + upstream |
Table 2
How each body is owned, governed, funded, and how it handles the embargo. The embargo row is colour-coded by who is protected first.
| Dimension | Lightwell | Patch the Planet | Akrites | Athena |
|---|---|---|---|---|
| Lead / host | IBM / Red Hat | OpenAI + Trail of Bits | Linux Foundation | Chainguard |
| Launch | 28 May 2026 | 22 Jun 2026 | 25 Jun 2026 | late Jun 2026 |
| Commercial model | Commercial — $5bn, subscription | Free to maintainers; vendor-sponsored | Non-profit — dues + in-kind | Commercial — members-first via paid product |
| Model-specific? | Model-agnostic (own AI) | Model-specific (GPT-5.5-Cyber, Codex) | Model-agnostic | Model-agnostic |
| OS-project role in governance | None — recipients of fixes | Scope control only, not governance | Associate tier — lowest, non-governing, invited at Board discretion | Minimal / unstated |
| Outside-finder intake — can a non-party report a vuln in? | No — subscriber-gated customer channel | N/A — it is the finder, no report-in pathway | No — via members (LF membership + agreement + NDA) | No — members submit via encrypted portal |
| Open participation — can an outside party join / apply? | Pay to subscribe | Yes — open application (selection discretionary) | Invite / Board discretion (Associate tier) | Join the coalition (membership) |
| Upstream relationship — where / when the fix lands | Backport-first — signed patches to pinned versions for subscribers; upstream commit secondary | Upstream-first — writes, tests & merges into the project's own repo from the start | Upstream at disclosure — published to the project's namespace at the single window | Private-build-first — hardened builds via Chainguard Libraries pre-disclosure; upstream reconciled later |
| Namespace authority — power asserted over the project | None claimed | None claimed | Maintainer of last resort (bounds unstated) | Maintainer of last resort (bounds unstated) |
| Embargo / pre-disclosure access | Members-first — subscribers get validated + preemptive virtual patches before public | Equal — standard CVD, no members-first tier | Equal — TLP:RED to all until one disclosure window | Members-first — private builds before disclosure; public gets mitigations only |
| Public-body / national-CSIRT involvement | None | None | None — runs on CERT/CC's VINCE & names FIRST, but no CSIRT participates | None |
| Finder feeds accepted | Own (+ acts as a Finder into Akrites) | Own (OpenAI) | Glasswing, MITRE/CVE, Lightwell, FIRST | All frontier models incl. Glasswing, Daybreak |
| Stated scale | 20,000+ engineers; 11 banks; Maven/Java → PyPI, npm, Go | 30+ projects; 51 significant / 19 fixed in week 1 | ~20 founding members (largely LF sub-foundations) | 24+ members; 20k findings / 2k patches / 500 projects |
Two constants across all four
Whatever else differs, two cells read the same down every column — and together they are the sovereignty argument in two rows.
In all four, the maintainers the systems exist to serve are recipients or scope-setters, never governors. Akrites makes it most explicit — the unpaid Associate tier, admitted at the Governing Board's discretion.
No government, EU institution, or national CSIRT sits inside any of the four — even though coordinated disclosure is historically the CSIRT/CERT mandate. Akrites even runs on CERT/CC's VINCE tooling while excluding the CSIRTs themselves. The whole response is privately governed and US-anchored.
Sources
Primary launch materials for each initiative.
Lightwell
IBM / Red Hat · 28 May 2026
Red Hat press release IBM newsroom Product page Palo Alto expansion (Jun 2026)Patch the Planet
OpenAI / Trail of Bits · 22 Jun 2026
OpenAI announcement Trail of Bits announcement