Google and the Linux Foundation have announced plans to provide funds to two Linux kernel security developers, one of whom is Nathan Chancellor, a well-known kernel developer on our forums. The two developers will spend their time improving kernel security and related initiatives.
The news comes on the heels of the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) who recently published an open source survey report identifying the need for additional work on the field of security in open source. software. In a press release, the Linux Foundation said that Google’s contribution to endorsing two full-time security administrators highlights the importance of maintaining the integrity of open-source software.
“At Google, security is always paramount and we understand the critical role it plays in the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer at Google. “We are honored to support the efforts of both Gustavo Silva and Nathan Chancellor in enhancing the security of the Linux kernel.”
Chancellor, who has been submitting patches for the Linux kernel for four and a half years, will focus on investigating and fixing bugs found in Clang / LLVM compilers. He will also start adding functions and polishing the kernel using these compilers.
“I hope more and more people will start using the LLVM compiler infrastructure project and contribute fixes to it and the kernel – it will go a long way towards improving Linux security for everyone,” Chancellor said.
Silva, meanwhile, is devoting its Linux security work to eliminating different classes of buffer overflows by converting all zero-length instances and single-element arrays into flexible array members. Silva will also spend his time fixing bugs before they hit the mainline.
“It is extremely important to ensure the security of the Linux kernel as it is a vital part of modern computers and infrastructure. It requires that we all help in every possible way to ensure it is sustainably safe, ”said David A. Wheeler, the Linux Foundation. “We especially thank Google for endorsing Gustavo and Nathan’s Linux kernel security development work, along with a thank you to all the administrators, developers, and organizations who have made the Linux kernel a global joint success.”
Previously, Google and the Linux Foundation have independently committed to helping open source projects manage their trademarks.