CVE patching is not making your Linux secure

Would you like to enhance your Linux security? Do you wonder what factors should be considered when evaluating your open source security from both the infrastructure and the application perspectives? Are you keen to learn the Ubuntu security team's approach? I’ve learned that CVE patching is indeed an important puzzle, but without a structured approach, professional tools and well-defined processes in place, your Linux environment will not be secure.
What do Linux security experts say?
I got inspired by all these questions during the Open Source Security Summit, which was followed by the Linux Security Summit. I really enjoyed a week full of keynotes, workshops and meaningful conversations. So much so that, in my notebook, I noted down some really good quotes about Linux security. For instance, Kelly Hammond from Intel opened her keynote by saying that “security is like doing the laundry or the dishes – it’s never done”.
Linux security is more complicated than fixing CVEs
Fixing CVEs is a continuous job that all Linux security teams focus on. In his keynote, Greg Kroah-Hartman from the Linux Foundation looked at this problem from the kernel perspective. In his exact words, “CVEs mean nothing for the kernel”, because very few CVEs are ever going to be assigned for the kernel. A stable Linux kernel receives 22-25 patches every day without any CVE process involved. So Greg’s position on Linux security comes down to always using the latest stable kernel and not worrying about CVEs.