Microsoft bids for behind-the-scenes access to Linux flaws

Request to join security lists come as the firm reveals Linux usage on Azure VMs outweighs Windows usage

Open Source

Microsoft has applied to join two security boards for representatives of Linux distributions to discuss and coordinate vulnerabilities and security issues.

The linux-distros mailing list is used as a private channel where developers can discuss flaws in Linux systems and co-ordinate fixes for issues that have not yet reached the public domain. The oss-security group is used to discuss vulnerabilities that are already known.

Microsoft's 'Linux Kernal Hacker' Sasha Levin sent an application to join the security boards last week, which could see the Windows developer to be a party to behind-closed-doors conversations on ongoing security issues.

Members of this community include Chrome OS, Red Hat, Oracle, SUSEand Amazon Linux AMI.

There are several criteria that organisations need to meet to join the linux-distros group. For example, Levin cited Azure Sphere and Windows Subsystem for Linux v2 as examples of the company actively maintaining Unix-like operating system distro with open source components.

Successful applications must also have a userbase that isn't limited to their own organisation, which Microsoft said it fits through millions of cores its customers run on systems such as those aforementioned.

Organisations must also be able to demonstrate at least a year-long track record of fixing vulnerabilities, including some on Linux distros, and releasing fixes for known issues within 10 days or fewer.

Applications would also have to gain the recommendation of an individual who has been active on oss-security of years but is not affiliated with the organisation. Levin copied in renowned Linux developer Greg Kroah-Hartman, who replied separately in the email chain to vouch for Microsoft's submission.

"I can vouch for Sasha," Kroah-Hartman said. "He is a long-time kernel developer and has been helping with the stable kernel releases for a few years now, with full write permissions to the stable kernel trees.

"I also suggested that Microsoft join linux-distros a year or so ago when it became evident that they were becoming a Linux distro, and it is good to see that they are now doing so."

Microsoft has shifted towards embracing Linux technology and open source principles over the last few years, and increasingly under CEO Satya Nadella's leadership. This is after its former CEO Steve Ballmer infamously referred to Linux as a "malignant cancer" and "communism" almost 20 years ago.

A significant change happened a decade ago when Microsoft released 20,000 lines of code to the Linux open source community. This led the executive director of the Linux Foundation Jim Zemlin to declare at the time that "hell has frozen over".

To demonstrate how much Linux popularity has surged in recent years, Sasha Levin added in a further message to the email chain that the usage of this technology on Microsoft's Azure cloud services has now surpassed Windows. This is just two years after Microsoft said that 40% of virtual machines in Azure are running Linux.

As a result of this increased usage, Microsoft's security centre has started receiving a higher volume of security reports of issues with Linux code from users and from vendors.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Best Linux distros 2021
operating systems

Best Linux distros 2021

26 Feb 2021
Golang XML parser vulnerability could enable SAML authentication bypass
vulnerability

Golang XML parser vulnerability could enable SAML authentication bypass

15 Dec 2020
How to automate your infrastructure with Ansible
automation

How to automate your infrastructure with Ansible

2 Dec 2020
The IT Pro Podcast: What COVID-19 can teach us about open data
Data & insights

The IT Pro Podcast: What COVID-19 can teach us about open data

30 Oct 2020

Most Popular

Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021
I went shopping at Amazon’s till-less supermarket so that you don’t have to
automation

I went shopping at Amazon’s till-less supermarket so that you don’t have to

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021