Microsoft - Linux: Almost the entire Linux development project is open. Almost. One of the few exceptions is when companies or hackers reveal security vulnerabilities to Linux developers.
In these cases, these issues are revealed for the first time in closed mailing lists.
So now Microsoft, which now has its own Linux distributions, has applied to join this private security list.
This list, (linux-distros), includes developers from FreeBSD, NetBSD, and most of the major Linux distributors. For example, mailing lists can be viewed by developers of Canonical, Debian, Red Hat, SUSE, but also cloud services such as Amazon Web Services (AWS) and Oracle.
The purpose of this mailing list is to "report and discuss security issues that have not yet been made public (but will be made public very soon)".
How soon; List administrators state that security vulnerabilities discovered should be kept private for no more than 14 days after their disclosure. Security issues that have already been publicly discussed are discussed in OSS-Security mailing list.
Sasha Levin, developer of the Microsoft Linux kernel - yes, there are - asked for access to Microsoft because, in short, the Microsoft is a Linux distributor.
In particular, Microsoft provides many distro-type builds that do not exist in an existing distribution and are based on open source components.
These are:
- Azure Sphere: for IoT devices. It is Linux based and provides, among other things, security updates for IoT devices.
- Windows Subsystem for Linux v2: Linux-based and works like a virtual machine on Windows computers. WSL2 is currently available for public viewing and is scheduled for public release in early 2020.
- Products like Azure HDInsight and the service Azure Kubernetes provide public access to a Linux-based distribution.
In addition, Levin stated:
Microsoft has a long history of dealing with security issues through the [Microsoft Security Response Center] MSRC. We are able to create fast (<1-2 hours) results but require extensive testing and validation before creating these structures. As members of this mailing list we will provide assistance and have access to extensive testing.
All of this seems to make sense. Levin also revealed that the use of Linux in our cloud is outdated (with Windows), as as a by-product of MSRC it has begun receiving security reports on Linux issues from both users and vendors. It is also a fact that there are issues that are common to Windows and Linux. ”
Greg Kroah-Hartman, one of the leading Linux kernel developers, is said to have sponsored Levin.
"He has been a kernel programmer for many years and has helped steady kernel releases. It has full subscription rights to the fixed channels of the kernel ".
However, there are some people who still see Microsoft as an enemy of Linux, even though Microsoft now claims to be a Linux development partner.
A vote is expected on whether to accept Microsoft's request in the coming days. We will be surprised if Microsoft is not accepted in the list.
_________________________
- WiFi view the stored codes in Windows
- Canonical will support 32-bit libraries in Ubuntu
- Bill Gates the biggest mistake ever ever: Android