
Why Open Source Security Can't Wait: AI Risks Are Already Here | Hilary Carter, Linux Foundation
Open source software powers critical infrastructure, embedded systems, and enterprise platforms worldwide, yet the security practices and economic value behind it remain poorly understood. As AI-generated code accelerates contribution velocity and introduces new classes of vulnerabilities, organizations need empirical data, not assumptions, to make sound decisions.
In this exclusive interview with Swapnil Bhartiya at TFiR, Hilary Carter, SVP of Research at The Linux Foundation, shares findings from more than 100 studies produced over five years of research into open source dynamics, security, community health, and economic value. Carter covers the Zephyr RTOS at its 10-year milestone, the dual-edged impact of AI on open source security, and an upcoming ROI study targeting the energy sector.
Key Topics Covered:
- Zephyr RTOS at 10 years: community growth metrics, Cyber Resilience Act compliance positioning, and why 69% of survey respondents plan to increase or significantly increase their use of Zephyr
- How AI is simultaneously accelerating vulnerability detection and reintroducing insecure code through vibe coding in pull requests and commits
- The Linux Foundation Research AI disclosure framework and where AI is and is not used in the research process
- ROI of open source contribution across three forms: code, community, and financial, including why energy utilities require a separate economic model
- Survey integrity challenges posed by AI agents gaming research studies, and why human engagement in open source has never been more critical
Read the full story and transcript at www.tfir.io
#OpenSource #LinuxFoundation #ZephyrRTOS #OpenSourceSecurity #AICode #VibeCoding #EmbeddedSystems #CyberResilienceAct #OpenSourceROI #SBOM #OpenSSF #SPDX #IoTSecurity #DevSecOps #OpenSourceResearch
The Linux Foundation
The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the L...