Microsoft bids for behind-the-scenes access to Linux flaws

Request to join security lists come as the firm reveals Linux usage on Azure VMs outweighs Windows usage

Open Source

Microsoft has applied to join two security boards for representatives of Linux distributions to discuss and coordinate vulnerabilities and security issues.

The linux-distros mailing list is used as a private channel where developers can discuss flaws in Linux systems and co-ordinate fixes for issues that have not yet reached the public domain. The oss-security group is used to discuss vulnerabilities that are already known.

Advertisement - Article continues below

Microsoft's 'Linux Kernal Hacker' Sasha Levin sent an application to join the security boards last week, which could see the Windows developer to be a party to behind-closed-doors conversations on ongoing security issues.

Members of this community include Chrome OS, Red Hat, Oracle, SUSEand Amazon Linux AMI.

There are several criteria that organisations need to meet to join the linux-distros group. For example, Levin cited Azure Sphere and Windows Subsystem for Linux v2 as examples of the company actively maintaining Unix-like operating system distro with open source components.

Successful applications must also have a userbase that isn't limited to their own organisation, which Microsoft said it fits through millions of cores its customers run on systems such as those aforementioned.

Organisations must also be able to demonstrate at least a year-long track record of fixing vulnerabilities, including some on Linux distros, and releasing fixes for known issues within 10 days or fewer.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Applications would also have to gain the recommendation of an individual who has been active on oss-security of years but is not affiliated with the organisation. Levin copied in renowned Linux developer Greg Kroah-Hartman, who replied separately in the email chain to vouch for Microsoft's submission.

"I can vouch for Sasha," Kroah-Hartman said. "He is a long-time kernel developer and has been helping with the stable kernel releases for a few years now, with full write permissions to the stable kernel trees.

"I also suggested that Microsoft join linux-distros a year or so ago when it became evident that they were becoming a Linux distro, and it is good to see that they are now doing so."

Microsoft has shifted towards embracing Linux technology and open source principles over the last few years, and increasingly under CEO Satya Nadella's leadership. This is after its former CEO Steve Ballmer infamously referred to Linux as a "malignant cancer" and "communism" almost 20 years ago.

Advertisement - Article continues below

A significant change happened a decade ago when Microsoft released 20,000 lines of code to the Linux open source community. This led the executive director of the Linux Foundation Jim Zemlin to declare at the time that "hell has frozen over".

To demonstrate how much Linux popularity has surged in recent years, Sasha Levin added in a further message to the email chain that the usage of this technology on Microsoft's Azure cloud services has now surpassed Windows. This is just two years after Microsoft said that 40% of virtual machines in Azure are running Linux.

As a result of this increased usage, Microsoft's security centre has started receiving a higher volume of security reports of issues with Linux code from users and from vendors.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/operating-systems/28025/best-linux-distros-2020
operating systems

Best Linux distros 2020

18 May 2020
Visit/cloud/33999/ibm-doubles-down-on-red-hat-independence
Cloud

IBM doubles down on Red Hat independence

10 Jul 2019

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/laptops/34623/how-to-connect-one-two-or-more-monitors-to-your-laptop-including-usb-type-c
Laptops

How to connect one, two or more monitors to your laptop

29 Jun 2020