Google has highlighted what it says are shortcomings in the Linux kernel from a security perspective, and the problems these create for downstream distributors who ship the kernel in their products.
In a blog post, Kees Cook of Google's Open Source Security Team compares the Linux kernel to the US automotive industry of the 1960s to drive home the point that while the kernel runs flawlessly, when it fails, it falls apart miserably.
“The huge community surrounding Linux allows it to do amazing things and run smoothly. What's still missing, though, is sufficient focus to make sure that Linux fails well too,” wrote Cook.
Cook believes the problem is two-pronged. First, Linux needs to invest in making its code robust, so that bugs do not appear at the rate they currently do. Second, when bugs do occur, they need to be handled far more efficiently than under the current arrangement.
Calling all downstream distributors
Sharing the “sobering” statistics, Cook says that the stable, bug-fix-only release of the kernel comes out with about 100 new fixes each week. This leaves downstream distributors with three choices: ignore all fixes, prioritize the “important” ones, or apply all of them.
Highlighting the problems with all three approaches, he says that the only real option, from a security standpoint, is to apply all fixes. That option, however, presents an engineering nightmare for distributors.
Instead, Cook suggests that rather than individual distributors applying the fixes, greater emphasis should be placed on increasing upstream collaboration. He proposes various mechanisms, including more automated testing, continuous integration, and other steps to streamline the kernel's development process.
“Instead of testing kernels after they're released, it's more effective to test during development,” suggests Cook, asking downstream distributors to contribute at least 100 additional engineers to work on the upstream kernel.