Like you say in the article, please make sure you mirror the repos back up to a public forge in the event that they’re closed.
I remember when I was at GDS back in 2016 a less-central team tried to make a repo private because of a security incident they decided not to prioritise, and they were surprised to find out that forks didn’t go private as well when they did it. Luckily they changed tack after a pointed conversation.
Perhaps I'm being paranoid and should assume ignorance rather than malice, but I can't help but wonder if there was significant lobbying from companies providing healthcare software to make these repos closed-source.
I know nothing about the NHS, so I have no idea if this is plausible.
I get that this was probably difficult because of timing and such, but I wish Anthropic had announced at least one vulnerability in a closed-source program as part of the Mythos announcement. Since all the vulnerabilities announced at that time were in OSS, I think this contributed to the perception that the coming wave of security-research automation is specifically for programs where the LLM can look at the source code. (Anthropic claims that Mythos found vulnerabilities in closed-source programs, but that none of them had been fully patched yet as of the announcement, so it didn't say what they were.)