Tux - the Linux kernel mascotOn Wednesday the Linux Foundation and Google announced that Google would be funding two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor.

Silva and Chancellor’s will focus on maintaining and improving kernel security, as well as associated initiatives to ensure the continuing viability of the world’s most pervasive open source software project.

The Linux Foundation’s Open Source Security Foundation (OpenSSF) and Harvard University’s Laboratory for Innovation Science (LISH) recently published an open source contributor survey report that identified a need for additional work on security in open source software, including the Linux operating system. Linux has more than 20,000 contributors. While there are thousands of Linux kernel developers, all of whom take security into consideration in their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security for the future of open source software.

“At Google, security is always top of mind and we understand the critical role it plays to the sustainability of open source software,” said Dan Lorenc, Staff Software Engineer for Google. “We’re honored to support the efforts of both Gustavo Silva and Nathan Chancellor as they work to enhance the security of the Linux kernel.”

Chancellor’s work will be focused on triaging and fixing all bugs found with Clang/LLVM compilers while working on establishing continuous integration systems to support this work. Once those aims are well-established, he plans to begin adding features to the kernel using these compiler technologies. Chancellor has been a kernel developer for over 4 years.

Gustavo Silva’s full-time Linux security work is currently dedicated to eliminating several classes of buffer overflows. In addition, he is actively focusing on fixing bugs before they hit the mainline and has been contributing to kernel development since 2010.

Funding Linux kernel security and development is a collaborative effort, supported by the world’s largest companies that depend on the Linux operating system. To support work like this, discussions are taking place in the Securing Critical Projects Working Group inside the OpenSSF.