With fresh funding from the Linux Foundation’s Alpha Omega initiative, FreeBSD is turning to AI tools and paid security staff to hunt vulnerabilities across its codebase.
They’re going to use AI to get the bugs out at FreeBSD.
On Monday, the FreeBSD Foundation announced that it’s launched the AI-assisted Vulnerability Discovery Project, a six-month effort that’s tasked with reducing the number of exploitable vulnerabilities in FreeBSD’s source code. It’s being funded by a $250,000 grant from the Alpha Omega project, a Linux Foundation/OpenSSF initiative that funds and coordinates projects focused on making open‑source software more secure, especially software widely used in infrastructure and supply chains.
BSD is an open source operating system that predates Linux. As a direct descendant of AT&T Unix, it’s considered to be a variant of Unix, the operating system that dominated corporate servers until being largely supplanted by Linux during the first decade of the 21st century.
FreeBSD plans to use the funds to put at least three members of its security team under fixed-term contracts to find and patch vulnerabilities. Access to AI models for vulnerability analysis will be free of charge for the duration of the project, although the foundation doesn’t identify who’s supplying the access.
“The project’s goals are to reduce the number of vulnerabilities in the FreeBSD source code and to develop practical approaches that will improve efficiency in vulnerability management,” the organization said in a statement.
According to the FreeBSD Foundation, AI will be used to find vulnerabilities, which will then be flagged for the project’s team to triage, validate, and patch. While the work is in progress, the team will look for opportunities to improve and automate key areas of the FreeBSD security team’s infrastructure, including fuzzing (automated testing with malformed or unexpected inputs) for all release branches, patching, and automated triage of vulnerability reports.
“Initially, the FreeBSD kernel will be the focus of the project, followed by the base system userland, and the ports tree,” the statement said. “All parts of FreeBSD may be in scope and will be addressed in priority order as time allows.”
In addition, the project team will share information with other Alpha Omega projects to improve the work being done across the board.
“The FreeBSD Security Team has been receiving an increasing number of vulnerability reports from researchers leveraging AI tooling, and that volume continues to grow,” Gordon Tetlow, a security officer with the FreeBSD Project, said. “This funding augments our volunteer Security Team, giving us the capacity to find, triage, and fix vulnerabilities rather than only responding to those reported to us.”
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux



