Hidden Linux kernel security fixes spotted before release – by using developer chatter as a side channel

Andrew Commons

Re: Linux kernel doesn't do too badly with this intractable problem

@Glen Turner 666

You are spot on.

With regard to point (2), many organisations have formal procedures for vetting people allowed into the 'inner circle'. Whilst these are fallible, they at least raise the bar to some extent. I have no idea if such processes are applied in critical open source development environments.

The kernel is only one area where this problem exists and is probably not the best option for exploitation. The sweet spot is probably some component that is widely used and is not a standard component of major distributions.

If you use something direct from the (open) source then you are responsible for the due diligence.

Biting the hand that feeds IT © 1998–2021