Tipranks
New Open Source Initiative Addresses Legacy Software Security Challenges
The Commonhaus Foundation launched the Open Source Sustainability Initiative (OSSI) to assist enterprises managing aging open-source projects facing end-of-life (EOL) challenges. HeroDevs, a founding member, will provide commercial support for legacy software like Hibernate, Jackson, and Quarkus. The initiative aims to address the rising number of Common Vulnerabilities and Exposures (CVEs), with HeroDevs reporting 67 CVEs for the Spring framework in June 2026, including 27 high-severity issues. The OSSI seeks to improve lifecycle transparency and collaboration among maintainers and enterprises. Additionally, HeroDevs discovered a new high-severity vulnerability, CVE-2026-11998, affecting AngularJS, which was patched. The initiative is critical as enterprises struggle to maintain security compliance amid increasing regulatory pressures and AI-driven vulnerabilities.
Key Points:
• The Open Source Sustainability Initiative aims to support aging open-source projects.
• HeroDevs reported 67 CVEs for the Spring framework in June 2026, highlighting security risks.
• A new high-severity AngularJS vulnerability, CVE-2026-11998, was discovered and patched.