Their goal is to make the pervasive operating system more sustainable as research indicates a need to improve open source software security, specifically in Linux. A report from the Linux Foundation's Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard University (LISH) found a lack of security efforts in open source software.
It's worth noting Linux has more than 20,000 contributors and 1 million commits as of August 2020. But while there are thousands of Linux developers, Google's contribution to underwrite two full-time Linux security maintainers indicates the greater role security will play in its future. The company also hopes this initiative will motivate other organizations to contribute.
Developers' opinions of security and secure coding, calling it a "soul-withering chore" and an "insufferably boring procedural hindrance," highlight that companies who want to harden their applications against attacks have a significant gap between those desires and getting their own developers on board, says Frank Nagle, a Harvard Business School professor and contributing author to the report analyzing the survey results. "It appears that this shifting left has not fully pervaded the minds of FOSS developers," he says. "Although we did not specifically ask whether developers think security is important, they likely understand that is a concern, but believe others should deal with it."