Microsoft bids for behind-the-scenes access to Linux flaws

Request to join security lists come as the firm reveals Linux usage on Azure VMs outweighs Windows usage

Open Source

Microsoft has applied to join two security boards for representatives of Linux distributions to discuss and coordinate vulnerabilities and security issues.

The linux-distros mailing list is used as a private channel where developers can discuss flaws in Linux systems and co-ordinate fixes for issues that have not yet reached the public domain. The oss-security group is used to discuss vulnerabilities that are already known.

Advertisement - Article continues below

Microsoft's 'Linux Kernal Hacker' Sasha Levin sent an application to join the security boards last week, which could see the Windows developer to be a party to behind-closed-doors conversations on ongoing security issues.

Members of this community include Chrome OS, Red Hat, Oracle, SUSEand Amazon Linux AMI.

There are several criteria that organisations need to meet to join the linux-distros group. For example, Levin cited Azure Sphere and Windows Subsystem for Linux v2 as examples of the company actively maintaining Unix-like operating system distro with open source components.

Successful applications must also have a userbase that isn't limited to their own organisation, which Microsoft said it fits through millions of cores its customers run on systems such as those aforementioned.

Organisations must also be able to demonstrate at least a year-long track record of fixing vulnerabilities, including some on Linux distros, and releasing fixes for known issues within 10 days or fewer.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Applications would also have to gain the recommendation of an individual who has been active on oss-security of years but is not affiliated with the organisation. Levin copied in renowned Linux developer Greg Kroah-Hartman, who replied separately in the email chain to vouch for Microsoft's submission.

"I can vouch for Sasha," Kroah-Hartman said. "He is a long-time kernel developer and has been helping with the stable kernel releases for a few years now, with full write permissions to the stable kernel trees.

"I also suggested that Microsoft join linux-distros a year or so ago when it became evident that they were becoming a Linux distro, and it is good to see that they are now doing so."

Microsoft has shifted towards embracing Linux technology and open source principles over the last few years, and increasingly under CEO Satya Nadella's leadership. This is after its former CEO Steve Ballmer infamously referred to Linux as a "malignant cancer" and "communism" almost 20 years ago.

Advertisement - Article continues below

A significant change happened a decade ago when Microsoft released 20,000 lines of code to the Linux open source community. This led the executive director of the Linux Foundation Jim Zemlin to declare at the time that "hell has frozen over".

To demonstrate how much Linux popularity has surged in recent years, Sasha Levin added in a further message to the email chain that the usage of this technology on Microsoft's Azure cloud services has now surpassed Windows. This is just two years after Microsoft said that 40% of virtual machines in Azure are running Linux.

As a result of this increased usage, Microsoft's security centre has started receiving a higher volume of security reports of issues with Linux code from users and from vendors.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/operating-systems/28025/best-linux-distros-2019-the-finest-open-source-operating-systems-around
operating systems

Best Linux distros 2019

24 Dec 2019
Visit/cloud/33999/ibm-doubles-down-on-red-hat-independence
Cloud

IBM doubles down on Red Hat independence

10 Jul 2019
Visit/linux/33583/red-hat-enterprise-linux-8-launches-with-simplified-multicloud-tools
Linux

Red Hat launches Enterprise Linux 8

7 May 2019

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020