OpenSSF sings a Siren song to steer developers away from buggy FOSS Securing open source software may soon become a little bit easier thanks to a new vulnerability info-sharing effort initiated by the Open Source Security Foundation (OpenSSF). Dubbed OpenSSF Siren, the threat intelligence sharing group aims to “aggregate and disseminate threat intelligence” to provide real-time security …
> instead intending it to serve as a "post-disclosure means of keeping the community informed of threats and activities after the initial sharing and coordination."
So another vulnerability blog funded by companies.
Perhaps those companies should instead just fund a group of developers whose sole task is to immediately provide fixes for new vulnerabilities? You know, provide them to the quoted lone open-source-dev projects?
If I recall correctly the sirens' song lured unsuspecting mariners onto fatal rocks to perish.
Odysseus had his crew lash him to the mast while they filled their own ears with beeswax so the crew rowed their vessel safely passed the sirens.
Odd choice of name I would have thought. Klaxon or "Cloister Bell*" might have been a better choice.
More like a shipping weather forecast so perhaps "Rockall." ;)
* for the Whooligans :)
Well, “klaxon”, more or less. See Wikipedia | Siren (alarm) and Wiktionary | siren (noun, sense 7). I'm pretty sure it was this sense of the word they meant.
“Siren” also has the advantage of being exactly the same word in many languages, whereas “klaxon” is pretty much limited to English – and Italian and Catalan, judging from Wikipedia's “Other Languages” links. Which refer to car horns, not general alarm devices... Because that's what “klaxon” redirects to even on English WP. Seems it's your usage that is parochial, not the SSH developers’.
From Mother Beeb herself: Even in peaceful countries be ready for a siren blast (emphasis added).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
