|Google Funding For Linux Security|
|Written by Sue Gee|
|Friday, 26 February 2021|
In an initiative that signals the importance of security in the ongoing sustainability of open source software, Google has announced that with the Linux Foundation it is providing funding for two full-time maintainers for Linux kernel security development.
Back in December we reported on Google's involvement in a new project from the Open Source Security Foundation to measure the criticality of open source projects as the first step on an undertaking to ensure that projects that are heavily relied on get the resources they need, see Taking Open Source Criticality Seriously. This funding, which is also motivated by findings from the 2020 FOSS Contributor Survey which identified a need for additional work on security in open source software, aims to ensure the long-term sustainability of Linux which is acknowledged as the world's most pervasive open source software as well as being among the top five in terms of its criticality score.
The funding from Google "to underwrite two full-time maintainers" will permit Nathan Chancellor and Gustavo Silva to focus exclusively on maintaining and improve kernel security.
According to the announcement from the Linux Foundation, Chancellor has been working on the Linux kernel for four and a half years and for the past two years has been contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools. In future his work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work. Once those aims are well-established, he plans to begin adding features and polish to the kernel using these compiler technologies.
Silva sent in his first kernel patch in 2010 and is currently an active member of the Kernel Self Protection Project (KSPP). Since 2017 he has been one of the top five most active kernel developers with more than 2,000 commits in mainline. His full-time Linux security work is currently dedicated to eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism to declare such variable-length types. Additionally, he is actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities.
David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation commented:
“Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure. We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organizations who have made the Linux kernel a collaborative global success.”
Google Funds Linux Kernel Developers To Focus Exclusively on Security (Linux Foundation)
Taking Open Source Criticality Seriously
The State Of Secure Software Development - Three OpenSSF Courses
Open Source Contributors - Payment and Other Motivation
The Importance of Open Source Contributions
What Attracts Devs To Open Source
To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Friday, 26 February 2021 )|