Application security, DevSecOps, Network Security

Google funds two Linux Foundation security roles

Share
The Manhattan Google headquarters is seen on January 25, 2021 in New York City.  (Photo by Michael M. Santiago/Getty Images)

Google is underwriting two Linux kernel security positions through the Linux Foundation, the company announced Wednesday.

The effort support Google's strategy "to help support the critical open source projects that we're relying on," Google software engineer Dan Lorenc told SC Media.

"We do this in a bunch of ways, but the one that we like most is to work with existing maintainers and existing communities rather than coming in from the outside."

Google will fund Gustavo Silva, who already works in a similar role eliminating buffer overflows and bolstering new security tools; and Nathan Chancellor, a new hire, who will focus on the Clang/LLVM compiler.

Using the Clang compiler for Linux is an accepted secondary option to build the operating system. But, said Lorenc, Clang is not particularly well maintained by full-time staff. Chancellor had been an active contributor to the project, but only in his free time.

This announcement comes less than a month after Google proposed base security standards for critical open-source packages, recognizing that open-source code accounts for a tremendous amount of modern software.

The Google-funded roles will be less exploratory and more based in wading through an already existing backlog of warnings and known problems in Silva and Chancellor's respective fields.

"We want to show that this model can work with contractors working with open source communities," said Lorenc. "I'm going to show that it does work and it can work when we get results, and I'm going to try to encourage other people in the industry to do the same."

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.
Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.