Google and the Linux Foundation have announced plans to provide funds to two Linux kernel security developers, one of whom is Nathan Chancellor, a known kernel developer on our forums. The two developers will focus their time on improving kernel security and associated initiatives.
The news comes in the wake of the Linux Foundation’s Open Source Security Foundation (OpenSSF) and Harvard’s Science of Innovation Laboratory (LISH) recently publishing a research report by open source contributors that identified the need for additional security work open source Programs. In a press release, the Linux Foundation said that Google’s contribution by subscribing to two full-time security maintainers signals how important it is to maintain the integrity of open source software.
“At Google, security is always first and we understand the critical role it plays in the sustainability of open source software,” said Dan Lorenc, Google Software Engineer. “We are honored to support the efforts of Gustavo Silva and Nathan Chancellor as they work to improve the security of the Linux kernel.”
Chancellor, who has been working to send patches to the Linux kernel for four and a half years, will focus on screening and fixing bugs found in the Clang / LLVM compilers. It will also begin to add features and improve the kernel using these compilers.
“I hope that more and more people will start using the LLVM compiler infrastructure project and contribute fixes for it and the kernel – it will do a lot to improve Linux security for everyone,” said Chancellor.
Silva, meanwhile, has dedicated his Linux security work to eliminating several classes of buffer overflows, turning all instances of zero-length arrays and one element into flexible array members. Silva will also focus his time on fixing bugs before they reach the main line.
“Ensuring the security of the Linux kernel is extremely important, as it is a critical part of the infrastructure and modern computing. It requires that we all help in every possible way to ensure that it is safe and sustainable, ”said David A. Wheeler of the Linux Foundation. “We extend a special thanks to Google for subscribing to Gustavo and Nathan’s Linux kernel security development work, along with thanks to all the maintainers, developers and organizations that have made the Linux kernel a global collaborative success.”
Previously, Google and the Linux Foundation independently pledged to help open source projects manage their trademarks.