As one of the pillars of the open source ecosystem, the Linux kernel is one of the most influential projects in use today.
Written back in the ’90s by Linus Torvalds, after whom the project is aptly named, it is available for use in open source projects under a GNU GPL license.
With over 823k commits and 25,215 forks listed on its GitHub page, the Linux kernel can boast an active and engaged community of over 12,000 developers including talent from tech giants like Microsoft, Google, Intel, and Red Hat.
Given such a robust community, there is bound to be a wide range of Linux kernel vulnerabilities that turn up in the course of code reviews and simply by poking and prodding the popular project. Over the years, the Linux kernel has racked up one of the longest lists of vulnerabilities among open source projects.
While a reputation like that might scare some developers off from using this project in their own work, its continued popularity reflects the understanding that some components are so baked into the ecosystem that no amount of vulnerabilities is going to keep developers from using them. By the same token, such a reputation actually provides a bit of street cred, since it shows that the community supporting this project actually cares and is active enough to catch vulnerabilities before they become a problem. Once a vulnerability is uncovered, the community can develop a fix and make it available for developers to implement in their products.
Unlike Windows or macOS, which push out software updates to users automatically, it is up to developers to look for Linux kernel updates on their own. This means being aware of which open source components they are (Read more…)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-10-linux-kernel-vulnerabilities