In a nod to the growing importance of open source software, Google today announced that it will underwrite the salaries for two developers who will focus on Linux’s fundamental security.
The gesture may seem limited, but Google believes targeting the Linux kernel will have a broader impact on Linux’s underlying security. The company hopes other corporations will be inspired to do the same in an attempt to clear a lengthy backlog of items researchers already know need to be addressed.
The Linux kernel is the basic interface that sits between computer hardware and the software running on it. It has become the cornerstone of a large portion of the open source systems that have been deployed around the world.
And the issue has taken on greater urgency for Google, which has progressively been adopting more open source software. Google notably contributed Kubernetes to the Linux Foundation, and the system has become a lynchpin of the cloud-native computing movement.
But that work has also driven home the urgent need for greater security in open source tools, according to Google staff software engineer Dan Lorenc.
Google has been generally expanding its focus on security as part of a move to make Google Cloud offerings more attractive to companies holding ultra-sensitive data.
“It’s hopefully a proactive response,” Lorenc said. “We’re trying to get ahead of the rise of supply chain attacks.”
The Linux Foundation’s Open Source Security Foundation (OpenSSF) partnered with the Laboratory for Innovation Science at Harvard (LISH) on a recent report that emphasized the need for greater open source security, including for Linux.
Lorenc said that as Linux has become increasingly fundamental to supply chains and other large systems, it has naturally become a bigger target for cyber criminals. Lots of companies now sell security solutions, but shoring up the Linux kernel is seen as a way to toughen basic security.
Via the foundation, Linux is maintained and developed by an estimated 20,000 contributors working on their own time. While many of these individuals have some interest in security, Google’s move could help make security a bigger priority.
The funds will allow two maintainers, Gustavo Silva and Nathan Chancellor, to focus on Linux kernel security development. The pair have been among the most active contributors and will now be able to commit themselves on a full-time basis.