Google Calls On Companies To Devote More Engineers To Upstream Linux, Toolchains

Written by Michael Larabel in Google on 3 August 2021 at 12:00 PM EDT. 39 Comments
GOOGLE
Longtime kernel developer Kees Cook of the Google Security Team published a post on Google's Security Blog today effectively calling for more organizations to devote a greater number of engineers to the upstream Linux kernel in order to improve open-source security.

In addition to Google backing the Rust initiative for the Linux kernel, they also acknowledge there is a manpower issue.

The post notes that stable Linux kernel releases see close to 100 new fixes each week, but given that rate of change vendors are not always picking up the latest fixes or in some cases just trying to cherry-pick the "important" fixes. Besides acknowledging the need for more upstream kernel developers, the post also encourages vendors to go the route of chasing the latest Linux stable or LTS kernel releases in order to incorporate all fixes.

The Google Security Blog post calls for more engineers to fix bugs earlier, more engineers are needed for code review, more engineers are also needed to work on testing and infrastructure around the kernel, and there is also an engineer shortage when it comes to working on security and compiler toolchain development.

Google's conservative estimates put the Linux kernel and its toolchains being "underinvested by at least 100 engineers, so it's up to everyone to bring their developer talent together upstream. This is the only solution that will ensure a balance of security at reasonable long-term cost."

Their post in full should now be live on the Google Security Blog.
39 Comments
Related News
Google Announces Axion ARM-Based CPUs For The Cloud
Google's Jpegli Offers ~35% Compression Improvement For High Quality JPEGs
Google Making $1M USD Investment To Improve Rust & C++ Interoperability
Chrome 121 Adds New CSS & WebGPU Features
The Mainline Linux Kernel To Finally Support The Google Tensor GS101 SoC & Pixel 6
Chrome 120 Released With Theora Support Evaporating, Adds WebGPU & CSS Improvements
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds