Once again, Microsoft is showing its interest in Linux, already that recently I request that it be included in the list of contacts who receive vulnerability alerts long before being released to the public.
Because when companies or hackers reveal uncorrected security vulnerabilities to Linux developers, in these cases, These issues are first revealed in the closed list called "Linux Distribution Security Contacts."
Currently this list includes representatives from:
- ALT Linux
- Amazon Linux AMIs
- Arch Linux
- Chrome OS
- CloudLinux
- CoreOS
- Debian
- Gentoo
- Openwall
- Oracle
- Red Hat
- Slackware
- SUSE
- Ubuntu
- Wind River
In addition to this list, independent volunteers are added. Since the purpose of this list is "to inform and discuss security issues that are not yet public (but will be made public very soon)."
For more details on those who report security incidents please note that "The maximum acceptable period for shipments disclosed to these lists is 14 days."
In fact, internal knowledge periods of less than 7 days are preferable. Clearly, the list makers ask that security breaches not remain private for more than 14 days after being revealed to the group.
Microsoft wants to be alert to fix bugs in its products
Sasha Levin, a Microsoft developer You have asked that Microsoft have access to the list because Microsoft is a Linux distributor.
Specifically, Microsoft provides several distribution type versions that are not derived from an existing distribution and are based on open source components.
These are:
- Azure Sphere OS: is a Linux-based operating system created by Microsoft for IoT applications.
Microsoft says Azure Sphere brings together the best of Microsoft's cloud expertise, software, and device technology to provide a unique approach to security that extends to the cloud.
- WSL2: on the other hand this is a new version of the architecture that Allows the Windows subsystem for Linux to run the Linux ELF64 binaries on Windows.
This new architecture, which uses a real Linux kernel, modifies the way these Linux binaries interact with Windows and computer hardware, while offering the same user experience as in WSL 1 (the version currently available on a stable version).
WSL 2 offers much faster file system performance and full system call support, allowing you to run more applications like Docker. Microsoft has released the source code for the WSL2 Linux kernel.
Products such as Azure HDInsight and the Azure Kubernetes service that provide public access to a Linux distribution.
Furthermore, Levin said:
“Microsoft has a long history of resolving security issues through MSRC, Microsoft's Security Response Center. We can quickly (in less than 1 to 2 hours) create a version to resolve the disclosed security issues, we need extensive testing and validation before making these releases public. Being a member of this mailing list would give us additional time for extensive testing. "
Joining the developer roster would allow Microsoft to manage Linux software as fast as Linux developers, as the company would have access to discussions and information about problems with Linux distributions that have not yet been made public.
Information that would technically allow you to protect your clients as if they were using Linux natively.
A decision will be made in the coming days on whether Microsoft should join the list. Linux developers.
However, the company has already received support from several renowned Linux developers, including Greg Kroah-Hartman, the maintainer of the stable Linux kernel.
Although some people still regard Microsoft as the enemy of all things Linux, Microsoft seems to be a complete Linux development partner.