Google Funding For Linux Security
Written by Sue Gee   
Friday, 26 February 2021

In an initiative that signals the importance of security in the ongoing sustainability of open source software, Google has announced that with the Linux Foundation it is providing funding for two full-time maintainers for Linux kernel security development. 


Back in December we reported on Google's involvement in a new project from the Open Source Security Foundation to measure the criticality of open source projects, as the first step in an undertaking to ensure that projects that are heavily relied on get the resources they need; see Taking Open Source Criticality Seriously. This funding, which is also motivated by findings from the 2020 FOSS Contributor Survey that identified a need for additional work on security in open source software, aims to ensure the long-term sustainability of Linux, which is acknowledged as the world's most pervasive open source software as well as being among the top five in terms of its criticality score.

The funding from Google "to underwrite two full-time maintainers" will permit Nathan Chancellor and Gustavo Silva to focus exclusively on maintaining and improving kernel security.

According to the announcement from the Linux Foundation, Chancellor has been working on the Linux kernel for four and a half years and for the past two years has been contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools. In future, his work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work. Once those aims are well-established, he plans to begin adding features and polish to the kernel using these compiler technologies.

Silva sent in his first kernel patch in 2010 and is currently an active member of the Kernel Self Protection Project (KSPP). Since 2017 he has been one of the top five most active kernel developers with more than 2,000 commits in mainline. His full-time Linux security work is currently dedicated to eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism to declare such variable-length types. Additionally, he is actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities.
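To make the flexible-array point concrete, here is an added example (not code from the kernel or from the announcement) contrasting the one-element-array idiom with a flexible-array member. The struct and function names are hypothetical; it shows how the customary "count - 1" size calculation under-allocates when count is zero.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Legacy idiom: one-element array as a stand-in for a variable-length tail. */
struct rec_old {
    uint32_t count;
    uint32_t items[1];  /* sizeof(struct rec_old) already includes one item */
};

/* C99 flexible-array member: adds nothing to sizeof and must be the last member. */
struct rec_fam {
    uint32_t count;
    uint32_t items[];
};

/* Allocation size as commonly written for the legacy idiom ("count - 1").
 * For count == 0 the subtraction wraps and the result is smaller than
 * sizeof(struct rec_old), so a struct copy or a write to items[0]
 * overruns the buffer. */
size_t old_alloc_size(size_t count)
{
    return sizeof(struct rec_old) + (count - 1) * sizeof(uint32_t);
}

/* With a flexible-array member the header size is exactly sizeof, so the
 * calculation needs no adjustment; returns 0 if it would overflow size_t. */
size_t fam_alloc_size(size_t count)
{
    if (count > (SIZE_MAX - sizeof(struct rec_fam)) / sizeof(uint32_t))
        return 0;
    return sizeof(struct rec_fam) + count * sizeof(uint32_t);
}

int main(void)
{
    printf("sizeof old=%zu fam=%zu\n", sizeof(struct rec_old), sizeof(struct rec_fam));
    printf("count=0: old=%zu fam=%zu\n", old_alloc_size(0), fam_alloc_size(0));
    printf("count=3: old=%zu fam=%zu\n", old_alloc_size(3), fam_alloc_size(3));
    return 0;
}
```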

David A. Wheeler, Director of Open Source Supply Chain Security at the Linux Foundation, commented:

“Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure. We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organizations who have made the Linux kernel a collaborative global success.”


More Information

Google Funds Linux Kernel Developers To Focus Exclusively on Security (Linux Foundation) 

 

Related Articles

Taking Open Source Criticality Seriously

The State Of Secure Software Development - Three OpenSSF Courses

Open Source Contributors - Payment and Other Motivation

The Importance of Open Source Contributions

What Attracts Devs To Open Source

Why Take Part In Open Source?


Last Updated ( Friday, 26 February 2021 )