Google Teams Up with Linux Foundation on New Chromium Fund

PLUS: CISA Drops New Security Guidelines for Software Development

Good Morning! Google's launched a new Chromium fund with the Linux Foundation to support open-source browser development. CISA's released fresh security guidelines that actually make practical sense for software development. And Code Intelligence's new AI testing tool Spark just caught a real vulnerability while running solo - no human hand-holding needed.

Google Teams Up with Linux Foundation on New Chromium Fund

Google launched Chromium back in 2008 alongside Chrome. Fast forward to 2025, and it's powering everything from Microsoft Edge to Opera and Brave. Here's the thing though - Google's been doing most of the heavy lifting, contributing about 94% of the code.

What's New: Google and the Linux Foundation just announced the "Supporters of Chromium-Based Browsers" fund. Think of it as a neutral playground where companies can pitch in to support Chromium's open-source ecosystem. Meta, Microsoft, and Opera are already on board.

Google's current contributions include:

  • Running thousands of servers for continuous testing

  • Handling hundreds of daily bug reports

  • Managing code maintenance for the entire project

  • Making over 100,000 commits last year alone

Behind the Scenes: The timing's interesting - this comes right after the DOJ's antitrust ruling against Google, which might require them to sell Chrome. But here's the clever bit: by establishing this fund, Google's showing that Chromium could survive without them, while also demonstrating their massive contribution to the open-source project.

The initiative promises to provide clearer governance and direct funding toward community needs, potentially reshaping how this crucial piece of web infrastructure evolves.

CISA Drops New Security Guidelines for Software Development

CISA (you know, the folks keeping America's cyber infrastructure safe) just released their IT Sector-Specific Goals (SSGs). Think of it as a security best practices playbook for software development, but one that's actually useful and not just bureaucratic paperwork.

These guidelines split into two main areas: software development process and product design. They're voluntary, but they're built to complement CISA's existing Cross-Sector Cybersecurity Performance Goals.

Key Development Process Goals:

  • Environment separation and secure credential storage

  • Real-time monitoring and alerting for cyber incidents

  • Multi-Factor Authentication (MFA) enforcement

  • Automated vulnerability scanning pre-release

  • Software Bill of Materials (SBOM) availability

  • Supply chain risk management implementation

Behind the Scenes: Chris Hughes, CISA Cyber Innovation Fellow, points out these aren't revolutionary - they align with existing frameworks like NIST's Secure Software Development Framework.

But here's the kicker: they're focusing on fundamental practices that actually matter, especially for teams building products that other developers and consumers will use downstream.

Bottom line: This is CISA's way of saying "let's build secure software from the ground up" without making it overly complicated.

AI-Powered Bug Hunter: Spark Finds Vulnerabilities on Autopilot

Ever wished you had an AI sidekick to handle your software testing? Code Intelligence just launched Spark, an AI test agent that's already proving its worth by uncovering real vulnerabilities in production code - and it does it all autonomously.

What's New: During beta testing, Spark spotted a heap-based use-after-free vulnerability in wolfSSL (a popular cryptography library used in IoT devices) with just one command from a human. The rest - code analysis, test case generation, and execution - was all Spark.

Technical Specs & Capabilities:

  • Fully autonomous code analysis and vulnerability detection

  • Specializes in white-box fuzz testing

  • Handles codebases up to 100k lines (saving ~1,000 manual hours)

  • Generates test cases automatically

  • Plans to add automatic bug fixing with human-approved pull requests

  • Integrates directly into CI/CD pipelines

Looking Ahead: Code Intelligence's CEO Eric Brueggemann hints at even bigger plans: automatic bug fixing that'll complete the entire testing cycle in minutes. Don't worry though - humans will still make the final calls on those pull requests. Want to see it in action? They're hosting a launch event on January 28th with folks from Continental and Mozilla sharing their experiences.
