Language Selection

English French German Italian Portuguese Spanish

Google funds Linux kernel developers to work exclusively on security

Filed under
Google
Security

Hardly a week goes by without yet another major Windows security problem popping up, while Linux security problems, when looked at closely, usually turn out to be blunders made by incompetent system administration. But Linux can't rest on its laurels. There are real Linux security concerns that need addressing. That's where Google and the Linux Foundation come in with a new plan to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

Silva and Chancellor's exclusive focus will be to maintain and improve kernel security and associated initiatives to ensure Linux's security. There's certainly work to be done.

Read more

Working for NSA but also for real security?

  • Google Provides Funding For Linux Kernel Developers To Focus On Security

    Google is announcing today in cooperation with The Linux Foundation that they are providing funding for two full-time developers to focus solely on security issues.

    Longtime Linux developers Gustavo Silva and Nathan Chancellor are the two that will now be focusing full-time on dealing with Linux security issues.

  • Google Funds Linux Kernel Developers to Focus Exclusively on Security

    Today, Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

    Silva and Chancellor’s exclusive focus is to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.

More puff pieces about this...

  • Google invests in open source security by funding Linux kernel developers

    In a nod to the growing importance of open source software, Google today announced that it will underwrite the salaries for two developers who will focus on Linux’s fundamental security.

    The gesture may seem limited, but Google believes targeting the Linux kernel will have a broader impact on Linux’s underlying security. The company hopes other corporations will be inspired to do the same in an attempt to clear a lengthy backlog of items researchers already know need to be addressed.

    The Linux kernel is the basic interface that sits between computer hardware and the software running on it. It has become the cornerstone of a large portion of the open source systems that have been deployed around the world.

  • Google funds two Linux kernel developers to focus on security

    Google and the Linux Foundation are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development.

    Gustavo Silva and Nathan Chancellor will focus on maintaining and improving kernel security and associated initiatives in order to ensure the world's most pervasive open source software project is sustainable for decades to come.

    A recently published open source contributor survey from the Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) has identified a need for additional work on security in open source software. While there are thousands involved in developing the Linux kernel this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the sustainability of open source software.

  • Google Funds Linux Kernel Developers to Focus Exclusively on Security

    "At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software," said Dan Lorenc, Staff Software Engineer, Google. "We're honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel."

    Chancellor's work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work ongoing. Once those aims are well-established, he plans to begin adding features and polish to the kernel using these compiler technologies. Chancellor has been working on the Linux kernel for four and a half years. Two years ago, Chancellor started contributing to mainline Linux under the ClangBuiltLinux project, which is a collaborative effort to get the Linux kernel building with Clang and LLVM compiler tools.

  • Google funds two Linux Foundation security roles

    The effort support Google’s strategy “to help support the critical open source projects that we’re relying on,” Google software engineer Dan Lorenc told SC Media.

    “We do this in a bunch of ways, but the one that we like most is to work with existing maintainers and existing communities rather than coming in from the outside.”

    Google will fund Gustavo Silva, who already works in a similar role eliminating buffer overflows and bolstering new security tools; and Nathan Chancellor, a new hire, who will focus on the Clang/LLVM compiler.

    Using the Clang compiler for Linux is an accepted secondary option to build the operating system. But, said Lorenc, Clang is not particularly well maintained by full-time staff. Chancellor had been an active contributor to the project, but only in his free time.

  • Google is funding Linux Kernel developers with a special focus on security

    To further bolster the security credentials of the Linux kernel, Google and the Linux Foundation have decided to fund two kernel developers to work exclusively on security-related developments.

    The kernel developers, Gustavo Silva and Nathan Chancellor, are long-time kernel developers and have now been tasked to maintain and improve kernel security along with any associated initiatives.

    “At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer, Google. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”

  • An XDA Recognized Developer is being funded by Google to improve Linux Kernel security

    Google and the Linux Foundation announced plans to provide funds to two Linux kernel security developers, one of whom is Nathan Chancellor, a well-known kernel developer on our forums. The two developers will focus their time on improving kernel security and associated initiatives.

    The news comes on the heels of the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently publishing an open-source contributor survey report that identified a need for additional work on security in open-source software. In a press release, the Linux Foundation said Google’s contribution to underwriting two full-time security maintainers signals how important it is to maintain the integrity of open-source software.

  • Google funds Linux maintainers to boost Linux kernel security

    Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security.

    "While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.

  • Google to fund two full-time Linux kernel security developers - SD Times

    Google and the Linux Foundation have announced plans to maintain and improve Linux’s long-term security. As part of the plan, the organizations will prioritize funds to underwrite long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor as full-time developers focused on Linux kernel security development.

    This decision follows a survey by the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH), which found a need for additional security work on the Linux operating system.

By Microsoft Tim

  • 'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security

    Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security.

    The internet giant builds code from its own repositories rather than downloading outside binaries, though given the pace at which code is being added to Linux, this task is non-trivial. Google's open-source security team lead Dan Lorenc spoke to The Register about its approach, and why it will not use pre-built binaries despite their convenience.

    But first: the two individuals full-time sponsored by Google are Gustavo Silva, whose work includes eliminating some classes of buffer overflow risks and on kernel self-protection, and Nathan Chancellor, who fixes bugs in the Clang/LLVM compilers and improves compiler warnings.

    Both are already working at the Linux Foundation, so what is new? "Gustavo's been working on the Linux kernel at the Linux Foundation for several years now," Lorenc tells us. "We've actually been sponsoring it within the Foundation for a number of years. The main change is that we're trying to talk about it more, to encourage other companies to participate. It's a model that works, we're trying to expand it, find contributors that want to turn this into a full-time thing, and giving them the funding to do that."

  • Google Sponsors 2 Full-Time Devs To Improve Linux Security

    Worried about the security of Linux and open-source code, Google is sponsoring a pair of full-time developers to work on the kernel's security

Linux Kernel security to be boosted by Google funding developers

  • Linux Kernel security to be boosted by Google funding developers | GamingOnLinux

    Linux is pretty secure right? Well, like everything else, there are and have been problems. Google is aware of this and they use Linux for a lot and now they're providing funding to help boost Linux security.

    Announced by the Linux Foundation funding has been provided to prioritize two full-time maintainers, Gustavo Silva and Nathan Chancellor, who will focus solely on Linux Kernel security development to ensure "the world's most pervasive open source software project is sustainable for decades to come".

More from CBS

  • Google: We're funding developers to work full-time on Linux security

    Silva will focus on "eliminating several classes of buffer overflows" as well as fixing bugs and developing defense mechanisms for the Linux kernel, The Linux Foundation said. Meanwhile, Chancellor's work will focus on triaging and fixing all bugs found with Clang/LLVM compilers.

    "I hope that more and more people will start to use the LLVM compiler infrastructure project and contribute fixes to it and the kernel – it will go a long way towards improving Linux security for everyone," said Chancellor.

    The move comes roughly six months after the formation of the Open Source Security Foundation (OpenSSF), a collective of big tech industry players working to improve the security of open-source software as it becomes pervasive in big industry applications, including data centers and critical infrastructure.

By IT PRO

Google Funding For Linux Security

  • Google Funding For Linux Security

    Back in December we reported on Google's involvement in a new project from the Open Source Security Foundation to measure the criticality of open source projects as the first step on an undertaking to ensure that projects that are heavily relied on get the resources they need, see Taking Open Source Criticality Seriously. This funding, which is also motivated by findings from the 2020 FOSS Contributor Survey which identified a need for additional work on security in open source software, aims to ensure the long-term sustainability of Linux which is acknowledged as the world's most pervasive open source software as well as being among the top five in terms of its criticality score.

EnterpriseTalk

  • Google Funds Linux Kernel Developers to Focus Exclusively on Security

    The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) recently published an open source contributor survey report that identified a need for additional work on security in open source software, which includes the massively pervasive Linux operating system.

    Linux is fueled by more than 20,000 contributors and as of August 2020, one million commits. While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open source software.

Two more...

  • Security News in Review: Google Funding Security Development for Linux Kernel

    We’re back after a skipped Security News in Review last week. In this week’s edition of our roundup of the biggest cybersecurity news stories, we have reporting on ransomware attacks shutting down Underwriters Laboratories and a payment processor widely used by state and municipal governments, as well as a report on Google partnering with the Linux Foundation to hire two people whose sole job will be to improve the security of the Linux kernel.

    Read on for the latest Security News in Review, and let us know if we missed anything.

  • Google to Underwrite Contributors to Linux Security

    Google and the Linux Foundation announced this week they will underwrite two full-time maintainers for Linux kernel security development.

    Gustavo Silva is currently working full time on eliminating several classes of buffer overflows by transforming all instances of zero-length and one-element arrays into flexible-array members, which is the preferred and least error-prone mechanism to declare such variable-length types. He is also actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities. Silva sent his first kernel patch in 2010 and is an active member of the Kernel Self Protection Project (KSPP).

    Nathan Chancellor will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration (CI) systems to support this work. He has been working on the Linux kernel for four and a half years.

Belated puff piece connected to LF

  • Google, Linux Foundation Fund Linux Kernel Developers To Focus Exclusively On Security

    Google and the Linux Foundation announced that they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

    Silva and Chancellor’s exclusive focus will be to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.

Late arrival

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

today's leftovers

     
  • What is Raspberry Pi 4 “Model B”? [Ed: I'm still waiting for them to formally apologise for going behind customers' backs, making secret deals with Microsoft to put Microsoft malware on all those devices]

    Raspberry Pi has conquered the world of SoC (System on a Chip). It has already garnered millions of followers since its release in 2012. Not only is it inexpensive, but it’s also versatile, modular, and multi-purpose. It has become popular not only as a credit-sized computer board but also as a controller in electronic, robotics, and IoT projects. The size, features, and price drive the popularity of the Pi, especially in the DIY community. To keep up with the current technological trends, the tiny board has undergone plenty of upgrades over the years, and there have been many varieties so it can cater to the needs and demands of its users. In 2019, the Raspberry Pi Foundation released the fourth generation of the multi-purpose board, the Raspberry Pi 4 B. It is the most powerful Pi to date, sporting huge upgrades from its predecessors. The compact board is touted to deliver a PC-level performance, and it didn’t disappoint.

  • Kentaro Hayashi: Grow your ideas for Debian Project

    There may be some "If it could be ..." ideas for Debian Project. If idea is concreate and worth to make things forward, it should make a proposal for Project Funding. [...] I'm not confident whether mechanism works, but Debian needs change.

  • Sam Thursfield: Calliope, slowly building steam

    There are some interesting complexities to this, and in 12 hours of hacking I didn’t solve them all. Firstly, Bandcamp artist and album names are not normalized. Some artist names have spurious “The”, some album names have “(EP)” or “(single)” appended, so they don’t match your tags. These details are of interest only to librarians, but how can software tell the difference? The simplest approach is use Musicbrainz, specifically cpe musicbrainz resolve-ids. By comparing ids where possible we get mostly good results. There are many albums not on Musicbrainz, though, which for now turn up as false positives. Resolving Musicbrainz IDs is a tricky process, too — how do we distinguish Multi-Love (album) from Multi-Love (single) if we only have an album name? If you want to try it out, great! It’s still aimed at hackers — you’ll have to install from source with Meson and probably fix some bugs along the way. Please share the fixes!

  • Neovide Is A Graphical Neovim Client Written In Rust

    Neovide is a really cool GUI client for Neovim. Although it essentially functions like Neovim in the terminal, Neovide does add some nice graphical improvements such as cursor animations and smooth scrolling. It even has me thinking about making it my new "vim" alias.

Linux 5.11.13, 5.10.29, 5.4.111, 4.19.186, 4.14.230, 4.9.266, and 4.4.266

Get involved with Mageia, become a Packager

With Mageia 8 just released and development for Mageia 9 getting underway in Cauldron, the unstable branch of Mageia, now is a great time to get involved with packaging. We are starting to look at the features that we want to include for Mageia 9, and as it is so early in the development cycle, now is the time for major developments, or big updates to key pieces of software. This is a great time to join the project as you can propose features you would like to see, help to implement large changes or see how a distribution evolves through development, stabilisation and then is released. If there is an application that you are interested in, if you want to help maintain part of the distribution, or if you want to learn something new, there are many opportunities to do so with the packaging team. Read more

Google does not want you to tell your players about your donation page

I recently updated Pixel Wheels banner image on Google Play. That triggered a review of the game: shortly after the update I received a message telling me Pixel Wheels was "not compliant with Google Play Policies". What nefarious activity does the game engage in? Sneak on users? Mine bitcoins? [...] Meanwhile you can still get the game from F-Droid or itch.io, since they do not have a problem with a link to a donation page. Read more