Why did Google and the Linux Foundation go out of their way to announce that they would add two full-time security developers?



On February 24, 2021, the Linux Foundation, a non-profit organization that supports the spread of Linux, announced that, in collaboration with Google, it plans to appoint Gustavo Silva and Nathan Chancellor as full-time maintainers for security development of the Linux kernel.

Google Funds Linux Kernel Developers to Focus Exclusively on Security --Linux Foundation
https://www.linuxfoundation.org/en/press-release/google-funds-linux-kernel-developers-to-focus-exclusively-on-security/

Google funds Linux kernel developers to work exclusively on security | ZDNet
https://www.zdnet.com/article/google-funds-linux-kernel-developers-to-work-exclusively-on-security/

'We're finding bugs way faster than we can fix them': Google sponsors 2 full-time devs to improve Linux security • The Register
https://www.theregister.com/2021/02/24/google_ups_linux_security_effort/

According to the Linux Foundation, Linux, which is open source software, is supported by more than 20,000 contributors, and in August 2020 the total number of code commits in the Linux kernel exceeded 1 million.



However, a report (PDF file) jointly published by the Linux Foundation's Open Source Security Foundation (OpenSSF) and the Harvard University Institute for Innovation Science (LISH) pointed out that 'open source software developers' interest in security is low' and that the security of open source projects needs to be improved.

So the Linux Foundation and Google announced that Silva and Chancellor will be the two maintainers working full-time on the security of the Linux kernel.

Silva has been involved in Linux development for some time, creating his first kernel patch in 2010, and at the time of writing he plays a central role in the Kernel Self-Protection Project (KSPP). Silva has been one of the most active kernel developers since 2017, with over 2000 commits to the mainline Linux kernel.

Chancellor has been involved since 2019 in 'ClangBuiltLinux', a project to build Linux with the Clang compiler, and will continue to work on bug fixes for the Clang and LLVM compilers after this appointment.



Regarding the significance of announcing the appointment of two people who have both been deeply involved in Linux development for a long time, Google software engineer Dan Lorenc explained, 'Google has long been a member of the Linux Foundation and sponsored the Linux kernel. This attempt aims to encourage the active involvement of other companies and expand this model, with Google funding two people working full-time to improve the security of Linux.'

In a statement, Chancellor commented, 'I hope more people will take advantage of the LLVM compiler infrastructure project and help improve the kernel. If this happens, it will be a great help in improving the security of all Linux users.' 'We're working towards building a high-quality kernel that's reliable, robust, and attack-resistant,' said Silva. 'We will continue to ensure that maintainers don't get universal errors in their code. We hope that you will recognize the importance of making significant improvements,' he added, emphasizing the importance of security.

in Software, Security, Posted by log1l_ks