Google and the Linux Foundation have announced plans to fund two full-time maintainers to exclusively focus on Linux kernel security development. Gustavo Silva and Nathan Chancellor, both active Linux contributors, will work to strengthen kernel security and associated projects.
Their goal is to make the pervasive operating system more sustainable as research indicates a need to improve open source software security, specifically in Linux. A report from the Linux Foundation's Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard University (LISH) found a lack of security efforts in open source software.
It's worth noting Linux has more than 20,000 contributors and 1 million commits as of August 2020. But while there are thousands of Linux developers, Google's contribution to underwrite two full-time Linux security maintainers indicates the greater role security will play in its future. The company also hopes this initiative will motivate other organizations to contribute.
"Supply chain security and open source security are critical," says Google software engineer Dan Lorenc. "A lot of companies know that now and want to help but don't really know how to … we're trying to talk about it now and show people how we're doing it, so that they can get encouraged and get inspired and come up with other ways they can help out, too."
Lorenc sees two key components in the issue of open source software security. One is the fact that it comes from people all over the world, some of whom might be malicious or have bad intentions – an inherent problem to open source security. The other is it's ..
Support the originator by clicking the read the rest link below.
