Google Calls On Companies To Devote More Engineers To Upstream Linux, Toolchains

Written by Michael Larabel in Google on 3 August 2021 at 12:00 PM EDT. 39 Comments
GOOGLE
Longtime kernel developer Kees Cook of the Google Security Team published a post on Google's Security Blog today effectively calling for more organizations to devote a greater number of engineers to the upstream Linux kernel in order to improve open-source security.

In addition to Google backing the Rust initiative for the Linux kernel, they also acknowledge there is a manpower issue.

The post notes that stable Linux kernel releases see close to 100 new fixes each week, but given that rate of change vendors are not always picking up the latest fixes or in some cases just trying to cherry-pick the "important" fixes. Besides acknowledging the need for more upstream kernel developers, the post also encourages vendors to go the route of chasing the latest Linux stable or LTS kernel releases in order to incorporate all fixes.

The Google Security Blog post calls for more engineers to fix bugs earlier, more engineers are needed for code review, more engineers are also needed to work on testing and infrastructure around the kernel, and there is also an engineer shortage when it comes to working on security and compiler toolchain development.

Google's conservative estimates put the Linux kernel and its toolchains being "underinvested by at least 100 engineers, so it's up to everyone to bring their developer talent together upstream. This is the only solution that will ensure a balance of security at reasonable long-term cost."

Their post in full should now be live on the Google Security Blog.
39 Comments
Related News
Google Preparing To Rollout Stable Chrome Releases Even Faster
Google Announces C3A Instances Coming, Powered By AmpereOne CPUs
Linux 6.6 To Support Rumble / Force Feedback On Google Stadia Controllers
Chrome 116 Released With Document Picture-In-Picture API
Go 2 For "Breaking With The Past" Will Never Come
Google May Reconsider JPEG-XL Image Support Within Chrome
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
PipeWire 1.0 Planned For Release Later This Year
Linux's Multi-Grain Timestamps Short-Lived: Removed From The Kernel After A Few Weeks
Linux 6.7 Adding New Feature To Btrfs For The Steam Deck
Firefox 118 Available With Performance Improvements, Automated Translations
Reminder: The 2023 Phoronix Premium Oktoberfest/Autumn Special
Counter-Strike 2 Now Available With An Initial Linux Build
The Servo Browser Engine Has Been Making Great Progress In 2023
"Open-Source Windows" ReactOS To See Improved GUI Setup/Installation