Google will sponsor a pair of developers to work full-time on bolstering the security of Linux.
The developers in question, Gustavo Silva and Nathan Chancellor, are being tasked with improving and maintaining the security of the Linux kernel as part of a wider effort by Google to address vulnerabilities in the open-source software landscape.
Silva will focus on “eliminating several classes of buffer overflows” as well as fixing bugs and developing defense mechanisms for the Linux kernel, The Linux Foundation said. Meanwhile, Chancellor’s work will focus on triaging and fixing all bugs found with Clang/LLVM compilers.
“I hope that more and more people will start to use the LLVM compiler infrastructure project and contribute fixes to it and the kernel – it will go a long way towards improving Linux security for everyone,” said Chancellor.
The move comes roughly six months after the formation of the Open Source Security Foundation (OpenSSF), a collective of big tech industry players working to improve the security of open-source software as it becomes pervasive in big industry applications, including data centers and critical infrastructure.
A report published by OpenSSF and the Laboratory for Innovation Science at Harvard last year suggested that much more work was needed in improving the security of open-source software.
The survey, based on the responses of nearly 1,200 free and open-source software (FOSS) contributors, found that contributors spent less than 3% of their time on security issues.
Google, of course, has a lot invested in open-source, and its commitment to underwrite the salaries of two full-time security maintainers for Linux shows the company is eager to cement the OS’s reputation as a secure and sustainable platform.
According to The Linux Foundation, there are now more than 20,000 contributors working on Linux. As of August 2020, there had been one million commits.
Google hopes other companies and contributors will follow suit in making the security of the Linux kernel a priority going forward.
“We are working towards building a high-quality kernel that is reliable, robust and more resistant to attack every time,” said Silva.
“Through these efforts, we hope people, maintainers in particular, will recognize the importance of adopting changes that will make their code less prone to common errors.”