At the recent Open Source Summit (OSS) Japan 2023, Greg Kroah-Hartman, Linux stable kernel maintainer and member of the kernel security team, discussed the “evolving landscape of open source software security” and explained how the Linux kernel developers' security team approaches issues, reports Steven J. Vaughan-Nichols.
“To people on the security team, a bug is a bug is a bug,” Kroah-Hartman says. “There's nothing special about security fixes. And if we call out security fixes as being special, that implies that other fixes are not special. Any bug has the potential of being a security issue at the kernel level.”
Kroah-Hartman also noted that while the “Linux kernel has about 30 million lines of code, you only use about two million lines in your server, 4 million in your phone, and one and a half million in your TV. But we don't know what you're using… We don't know your use case. We don't know how you're using Linux. We don't know what the security model is.” Therefore, everything and anything must be considered essential.
To protect your system and prevent issues, Kroah-Hartman stressed that you should always use the latest long-term stable (LTS) kernel, Vaughan-Nichols says.
Read more highlights from Kroah-Hartman's talk at ZDNet.