Language Selection

English French German Italian Portuguese Spanish

Google funds Linux kernel developers to work exclusively on security

Filed under
Google
Security

Hardly a week goes by without yet another major Windows security problem popping up, while Linux security problems, when looked at closely, usually turn out to be blunders made by incompetent system administration. But Linux can't rest on its laurels. There are real Linux security concerns that need addressing. That's where Google and the Linux Foundation come in with a new plan to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

Silva and Chancellor's exclusive focus will be to maintain and improve kernel security and associated initiatives to ensure Linux's security. There's certainly work to be done.

Read more

Working for NSA but also for real security?

  • Google Provides Funding For Linux Kernel Developers To Focus On Security

    Google is announcing today in cooperation with The Linux Foundation that they are providing funding for two full-time developers to focus solely on security issues.

    Longtime Linux developers Gustavo Silva and Nathan Chancellor are the two that will now be focusing full-time on dealing with Linux security issues.

  • Google Funds Linux Kernel Developers to Focus Exclusively on Security

    Today, Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

    Silva and Chancellor’s exclusive focus is to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.

More puff pieces about this...

  • Google invests in open source security by funding Linux kernel developers

    In a nod to the growing importance of open source software, Google today announced that it will underwrite the salaries for two developers who will focus on Linux’s fundamental security.

    The gesture may seem limited, but Google believes targeting the Linux kernel will have a broader impact on Linux’s underlying security. The company hopes other corporations will be inspired to do the same in an attempt to clear a lengthy backlog of items researchers already know need to be addressed.

    The Linux kernel is the basic interface that sits between computer hardware and the software running on it. It has become the cornerstone of a large portion of the open source systems that have been deployed around the world.

  • Google funds two Linux kernel developers to focus on security

    Google and the Linux Foundation are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development.

    Gustavo Silva and Nathan Chancellor will focus on maintaining and improving kernel security and associated initiatives in order to ensure the world's most pervasive open source software project is sustainable for decades to come.

    A recently published open source contributor survey from the Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) has identified a need for additional work on security in open source software. While there are thousands involved in developing the Linux kernel this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the sustainability of open source software.

  • Google Funds Linux Kernel Developers to Focus Exclusively on Security

    "At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software," said Dan Lorenc, Staff Software Engineer, Google. "We're honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel."

    Chancellor's work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work ongoing. Once those aims are well-established, he plans to begin adding features and polish to the kernel using these compiler technologies. Chancellor has been working on the Linux kernel for four and a half years. Two years ago, Chancellor started contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools.

  • Google funds two Linux Foundation security roles

    The effort support Google’s strategy “to help support the critical open source projects that we’re relying on,” Google software engineer Dan Lorenc told SC Media.

    “We do this in a bunch of ways, but the one that we like most is to work with existing maintainers and existing communities rather than coming in from the outside.”

    Google will fund Gustavo Silva, who already works in a similar role eliminating buffer overflows and bolstering new security tools; and Nathan Chancellor, a new hire, who will focus on the Clang/LLVM compiler.

    Using the Clang compiler for Linux is an accepted secondary option to build the operating system. But, said Lorenc, Clang is not particularly well maintained by full-time staff. Chancellor had been an active contributor to the project, but only in his free time.

  • Google is funding Linux Kernel developers with a special focus on security

    To further bolster the security credentials of the Linux kernel, Google and the Linux Foundation have decided to fund two kernel developers to work exclusively on security-related developments.

    The kernel developers, Gustavo Silva and Nathan Chancellor, are long-time kernel developers and have now been tasked to maintain and improve kernel security along with any associated initiatives.

    “At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer, Google. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”

  • An XDA Recognized Developer is being funded by Google to improve Linux Kernel security

    Google and the Linux Foundation announced plans to provide funds to two Linux kernel security developers, one of whom is Nathan Chancellor, a well-known kernel developer on our forums. The two developers will focus their time on improving kernel security and associated initiatives.

    The news comes on the heels of the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently publishing an open-source contributor survey report that identified a need for additional work on security in open-source software. In a press release, the Linux Foundation said Google’s contribution to underwriting two full-time security maintainers signals how important it is to maintain the integrity of open-source software.

  • Google funds Linux maintainers to boost Linux kernel security

    Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security.

    "While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.

  • Google to fund two full-time Linux kernel security developers - SD Times

    Google and the Linux Foundation have announced plans to maintain and improve Linux’s long-term security. As part of the plan, the organizations will prioritize funds to underwrite long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor as full-time developers focused on Linux kernel security development.

    This decision follows a survey by the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH), which found a need for additional security work on the Linux operating system.

By Microsoft Tim

  • 'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security

    Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security.

    The internet giant builds code from its own repositories rather than downloading outside binaries, though given the pace at which code is being added to Linux, this task is non-trivial. Google's open-source security team lead Dan Lorenc spoke to The Register about its approach, and why it will not use pre-built binaries despite their convenience.

    But first: the two individuals full-time sponsored by Google are Gustavo Silva, whose work includes eliminating some classes of buffer overflow risks and on kernel self-protection, and Nathan Chancellor, who fixes bugs in the Clang/LLVM compilers and improves compiler warnings.

    Both are already working at the Linux Foundation, so what is new? "Gustavo's been working on the Linux kernel at the Linux Foundation for several years now," Lorenc tells us. "We've actually been sponsoring it within the Foundation for a number of years. The main change is that we're trying to talk about it more, to encourage other companies to participate. It's a model that works, we're trying to expand it, find contributors that want to turn this into a full-time thing, and giving them the funding to do that."

  • Google Sponsors 2 Full-Time Devs To Improve Linux Security

    Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security

Linux Kernel security to be boosted by Google funding developers

  • Linux Kernel security to be boosted by Google funding developers | GamingOnLinux

    Linux is pretty secure right? Well, like everything else, there are and have been problems. Google is aware of this and they use Linux for a lot and now they're providing funding to help boost Linux security.

    Announced by the Linux Foundation funding has been provided to prioritize two full-time maintainers, Gustavo Silva and Nathan Chancellor, who will focus solely on Linux Kernel security development to ensure "the world's most pervasive open source software project is sustainable for decades to come".

More from CBS

  • Google: We're funding developers to work full-time on Linux security

    Silva will focus on "eliminating several classes of buffer overflows" as well as fixing bugs and developing defense mechanisms for the Linux kernel, The Linux Foundation said. Meanwhile, Chancellor's work will focus on triaging and fixing all bugs found with Clang/LLVM compilers.

    "I hope that more and more people will start to use the LLVM compiler infrastructure project and contribute fixes to it and the kernel – it will go a long way towards improving Linux security for everyone," said Chancellor.

    The move comes roughly six months after the formation of the Open Source Security Foundation (OpenSSF), a collective of big tech industry players working to improve the security of open-source software as it becomes pervasive in big industry applications, including data centers and critical infrastructure.

By IT PRO

Google Funding For Linux Security

  • Google Funding For Linux Security

    Back in December we reported on Google's involvement in a new project from the Open Source Security Foundation to measure the criticality of open source projects as the first step on an undertaking to ensure that projects that are heavily relied on get the resources they need, see Taking Open Source Criticality Seriously. This funding, which is also motivated by findings from the 2020 FOSS Contributor Survey which identified a need for additional work on security in open source software, aims to ensure the long-term sustainability of Linux which is acknowledged as the world's most pervasive open source software as well as being among the top five in terms of its criticality score.

EnterpriseTalk

  • Google Funds Linux Kernel Developers to Focus Exclusively on Security

    The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently published an open source contributor survey report that identified a need for additional work on security in open source software, which includes the massively pervasive Linux operating system.

    Linux is fueled by more than 20,000 contributors and as of August 2020, one million commits. While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open source software.

Two more...

  • Security News in Review: Google Funding Security Development for Linux Kernel

    We’re back after a skipped Security News in Review last week. In this week’s edition of our roundup of the biggest cybersecurity news stories, we have reporting on ransomware attacks shutting down Underwriters Laboratories and a payment processor widely used by state and municipal governments, as well as a report on Google partnering with the Linux Foundation to hire two people whose sole job will be to improve the security of the Linux kernel.

    Read on for the latest Security News in Review, and let us know if we missed anything.

  • Google to Underwrite Contributors to Linux Security

    Google and the Linux Foundation announced this week they will underwrite two full-time maintainers for Linux kernel security development.

    Gustavo Silva is currently working full time on eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism to declare such variable-length types. He is also actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities. Silva sent his first kernel patch in 2010 and is an active member of the Kernel Self Protection Project (KSPP).

    Nathan Chancellor will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration (CI) systems to support this work. He has been working on the Linux kernel for four and a half years.

Belated puff piece connected to LF

  • Google, Linux Foundation Fund Linux Kernel Developers To Focus Exclusively On Security

    Google and the Linux Foundation announced that they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

    Silva and Chancellor’s exclusive focus will be to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.

Late arrival

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.