In 2016, Linux happily turned 25 years old. It started as a project for students and is everywhere: from smartphones, supercomputers, web servers and cloud boxes, even in the latest smart cars.
Even the exception, the final user, is moving towards Linux, considering that Android is currently the most popular mobile operating system. In addition, Chromebooks are becoming more and more popular.
Even traditional Linux desktops such as Arch, Debian, Fedora, openSUSE, MintAnd Ubuntu they seem to be gaining ground. Of course, the Linux desktop market share is still very small compared to other operating systems, although Linux users have always been.
On the other hand, almost all web pages and too many Software-as-a-Service (SaaS) run on with this particular operating system.
Even Microsoft is reportedly making a penetration of the penguin, since the year we passed it became an official member Linux Foundation.
So, with everything that happens last, why worry?
Because now any hacker who is a real hacker and not just some script-kiddie can bash Linux as open-source, hunting vulnerable points.
The leader of the open-source community Eric S. Raymond pointed out years ago in Linus's Law, that: "having enough eyes bugs will not exist" in a free translation of "Given enough eyeballs all bugs are shallow ”. This is one of the basic concepts that made open source functional to have the success it has today as it strengthens open source software.
But it only works if there are enough eyes looking for it errors to fix the code. The estimates of the number of errors per thousand lines of code (KLOC) ranges from 15 to 50 Mistakes per KLOC and in three if the code has been very rigorously checked and tested. The Linux kernel alone today comes with over 16 million lines of code. Make the bill….
2016 and we have seen two big Linux security flaws to be skipped before they are fixed. These voids were in LUKS disk encryption and Dirty Cow, a problem in Linux memory. There were also other minor bugs in Linux, 2016, but in honor of the developers, these problems were repaired almost as soon as they appeared.
In fixing code problems, Linux has broken all records, and the support provided is far superior and much more direct than that of Apple, Microsoft, or any other provider of closed source software.
But let's make the bills:
There are at least 3.000 bugs that need to be discovered and fixed…
There are, of course, leading Linux security developers who are responsible for hunting these bugs. There are instructions on how to report errors when you find them. But there are never enough developers to fix even the reported bugs.
One of the leaders of Linux Jon "Maddog" Hall noticed a few years ago:
"Some people argue that Free Software has unlimited resources but every product or project is limited in resources one way or another. The number of people who can work in free software is limited to the people who have the ability, time and willingness to contribute. ”
When he wrote that in 2009, that many users of the operating system are also developers, it may have been but this is no longer the case. Yes, many developers use the operating system, but there are hundreds of millions of "users" who could not tell the difference between Java and JavaScript, let alone fix an error.
At the same time, hackers are more motivated than ever to break open source operating systems. Irish developer Donncha O'Cearbhaill, who recently revealed two bugs in the Ubuntu desktop Reported, that they made him an offer of $ 10.000 from a malware company.
"These financial incentives only increase when software becomes more secure and bugs are harder to detect," he said.
As you can see from above, the popular open source operating system has gained great power. And because great power is also a big responsibility, developers will have to take over to maintain its security.
The idea of publication came from ZDNet and the article by Steven J. Vaughan-Nichols