Aikido acquires Root for $70M to patch open-source vulnerabilities without upgrades
Aikido Security acquired Root for $70 million to patch open-source vulnerabilities directly in the version used by a build, avoiding disruptive upgrades. Root's technology will be integrated into a new Aikido product, enabling teams to fix CVEs without breaking changes. The approach raises questions about artifact provenance and supply chain trust.
Meridian48 take
The acquisition solves a real pain point, but the security industry should scrutinize how patched artifacts are signed and attested before trusting them in production pipelines.
Read the full reporting: "Aikido buys Root to patch open source in place, without the upgrade dance" (DEV Community)
open-source-security, supply-chain