The development of any type of software needs to be guided by security, and Linux is no different. In view of this, Google and the Linux Foundation announced this week the creation of a fund that will allow two developers to work exclusively on security aspects of the kernel.
The two developers are Gustavo Silva and Nathan Chancellor. Both have contributed to the Linux kernel source code for some years. Thanks to the initiative’s financial resources, both will now work full time to ensure that the project is as safe as possible in the long run.
Having people dedicated to security is important. The Linux Foundation highlights a report prepared by OpenSSF in conjunction with Harvard University’s Innovation Science Laboratory, which points out that open source initiatives need more effort to provide adequate levels of security.
In the case of Linux, it is not that security issues are being overlooked. But today, the development and maintenance of the kernel draws on contributions from more than 20 thousand employees. Everyone takes safety recommendations seriously, but in a universe with so many people, it is essential that the project can count on developers dedicated exclusively to this aspect.
Recognizing the relevance of the matter to the Linux ecosystem, Google decided to contribute financially to allow the kernel to have developers specifically focused on security:
At Google, security is always first and we understand the critical role this aspect plays for the sustainability of open source software.
Dan Lorenc, Google software engineer
Nathan Chancellor will focus on screening and fixing bugs found in the Clang/LLVM compilers while working on establishing integration systems that will support these efforts. Later, he will improve the kernel’s features using the aforementioned compilers.
In turn, Gustavo Silva will dedicate himself to a job he already performs: eliminating classes of buffer overflows, a problem that occurs when software tries to write data beyond the allowed buffer limit.
Silva will also act to correct bugs and develop defense mechanisms capable of eliminating entire classes of vulnerabilities.
David A. Wheeler, of the Linux Foundation, highlights the importance of this work:
Ensuring the security of the Linux kernel is extremely important considering that it is a critical part of the infrastructure and modern computing. This requires that we help in every way possible to ensure that everything is safe and sustainable.
David A. Wheeler, director of open source supply chain security at the Linux Foundation
With information from Bleeping Computer.