Google Calls On Companies To Devote More Engineers To Upstream Linux, Toolchains

Written by Michael Larabel in Google on 3 August 2021 at 12:00 PM EDT.
Longtime kernel developer Kees Cook of the Google Security Team published a post on Google's Security Blog today effectively calling for more organizations to devote a greater number of engineers to the upstream Linux kernel in order to improve open-source security.

In addition to backing the Rust initiative for the Linux kernel, Google also acknowledges there is a manpower issue.

The post notes that stable Linux kernel releases see close to 100 new fixes each week, but given that rate of change, vendors are not always picking up the latest fixes and in some cases are just trying to cherry-pick the "important" ones. Besides acknowledging the need for more upstream kernel developers, the post also encourages vendors to track the latest Linux stable or LTS kernel releases in order to incorporate all fixes.

The Google Security Blog post calls for more engineers to fix bugs earlier, to do code review, and to work on testing and infrastructure around the kernel. It also points to an engineer shortage in security and compiler toolchain development.

Google's conservative estimate is that the Linux kernel and its toolchains are "underinvested by at least 100 engineers, so it's up to everyone to bring their developer talent together upstream. This is the only solution that will ensure a balance of security at reasonable long-term cost."

Their post in full should now be live on the Google Security Blog.