Google slams Linux kernel, says it needs major security investment

News
By published

Downstream vendors should allocate more resources to the upstream kernel, suggests Google

Linux
(Image credit: Image Credit: Pixabay)

Google has highlighted what it says are shortcomings in the Linux kernel from a security perspective, and the issues these create for downstream vendors who roll the kernel into products.

In a blog post, Kees Cook from Google’s Open Source Security Team compares the Linux kernel to the US automotive industry of the 1960s in order to drive home the point that while the kernel runs flawlessly, when it fails, it falls apart miserably.

“The huge community surrounding Linux allows it to do amazing things and run smoothly. What's still missing, though, is sufficient focus to make sure that Linux fails well too,” wrote Cook.

Cook states he believes the problem is two-pronged. First, Linux needs to invest to make sure its code is robust, which will ensure that bugs don’t manifest at the rate that they do currently. But when they do, they should also be handled in a more efficient manner than the current arrangement.

Calling all downstream vendors

Sharing the “sobering” statistics, Cook says that the stable bug-fix only release of the kernel comes out with about 100 new fixes every week. This leaves downstream vendors with three choices; either to ignore all fixes, prioritize the “important” ones, or apply them all.

Highlighting the issues with all three strategies, he says that the only real option, from a security point of view, is to apply all fixes. This option however presents an engineering nightmare for vendors.

Instead Cook suggests that rather than individual vendors applying the fixes, greater onus should be laid on increasing upstream collaboration. He suggests various mechanisms including introducing more automated testing, continuous integration, and other steps to streamline the kernel’s development process.

“Instead of testing kernels after they're released, it's more effective to test during development,” suggests Cook, asking downstream vendors to infuse at least a 100 more engineers to work on the upstream kernel.

TOPICS
Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Holographic representation of cloud computing over open businessman's hand
Businesses are struggling to address vulnerabilities hidden in phantom dependencies
Security
Intel slams Nvidia and AMD, claims chip giants have huge numbers of security flaws
Google Chrome
Linux Foundation brings together top browser makers for more "open" approach
Facebook on laptop
Facebook is blocking Linux topics and channels with no apparent reason
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
Cyber-security
Empowering developers with cutting-edge security training
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.

A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
See more latest
Most Popular
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand