Microsoft – Linux: Almost the entire Linux development project is open source. Almost. One of the few exceptions is when companies or hackers reveal vulnerabilities security to Linux developers.
In these cases, these issues are revealed for the first time in closed mailing lists.
So now Microsoft, which now has its own Linux distributions, has applied to join this private security list.
This list, (linux-distros), includes developers from FreeBSD, the NetBSD and most of the major Linux distributions. For example, the mailing list can be seen by developers of Canonical, Debian, Red Hat, SUSE distributions, but also cloud services such as Amazon Web Services (AWS) and Oracle.
The purpose of this mailing list is to "report and discuss security issues that have not yet been made public (but will be made public very soon)".
How soon; List administrators state that security vulnerabilities discovered should be kept private for no more than 14 days after their disclosure. Security issues that have already been publicly discussed are discussed in OSS-Security mailing list.
Sasha Levin, developer of the Microsoft Linux kernel - yes, there are - asked for access to Microsoft because, in short, the Microsoft is a Linux distributor.
In particular, Microsoft provides many distro-type builds that do not exist in an existing distribution and are based on open source components.
These are:
- Azure Sphere: for IoT devices. It is Linux based and provides, among other things, security updates for IoT devices.
- Windows Subsystem for Linux v2: It is based on Linux and works like a virtual one machine on Windows computers. WSL2 is currently available for public viewing and is scheduled for public release in early 2020.
- Products like Azure HDInsight and the service Azure Kubernetes provide public access to a Linux-based distribution.
In addition, Levin stated:
Η Microsoft έχει εδώ και δεκαετίες μακρά ιστορία αντιμετώπισης ζητημάτων ασφαλείας μέσω του [Microsoft Security Response Center] MSRC. Είμαστε σε θέση να δημιουργήσουμε γρήγορα (αποτελέσματα αλλά απαιτούμε εκτεταμένες δοκιμές και επικύρωση, πριν δημιουργήσουμε αυτές τις δομές. Ως μέλη αυτής της λίστας αλληλογραφίας θα παράσχουμε βοήθεια και θα έχουμε την δυνατότητα για εκτεταμένες δοκιμές.
All of this seems to make sense. Levin also revealed that the use of Linux in our cloud is outdated (with Windows), as as a by-product of MSRC it has begun receiving security reports on Linux issues from both users and vendors. It is also a fact that there are issues that are common to Windows and Linux. ”
Greg Kroah-Hartman, one of the leading Linux kernel developers, is said to have sponsored Levin.
"He has been a kernel programmer for many years and has helped steady kernel releases. It has full subscription rights to the fixed channels of the kernel ".
However, there are some people who still see Microsoft as an enemy of Linux, even though Microsoft now claims to be a Linux development partner.
A vote is expected on whether to accept Microsoft's request in the coming days. We will be surprised if Microsoft is not accepted in the list.
_________________________
- WiFi view the stored codes in Windows
- Canonical will support 32-bit libraries in Ubuntu
- Bill Gates the biggest mistake ever ever: Android
