Google is underwriting two Linux kernel security positions through the Linux Foundation, the company announced Wednesday.
The effort support Google's strategy "to help support the critical open source projects that we're relying on," Google software engineer Dan Lorenc told SC Media.
"We do this in a bunch of ways, but the one that we like most is to work with existing maintainers and existing communities rather than coming in from the outside."
Google will fund Gustavo Silva, who already works in a similar role eliminating buffer overflows and bolstering new security tools; and Nathan Chancellor, a new hire, who will focus on the Clang/LLVM compiler.
Using the Clang compiler for Linux is an accepted secondary option to build the operating system. But, said Lorenc, Clang is not particularly well maintained by full-time staff. Chancellor had been an active contributor to the project, but only in his free time.
This announcement comes less than a month after Google proposed base security standards for critical open-source packages, recognizing that open-source code accounts for a tremendous amount of modern software.
The Google-funded roles will be less exploratory and more based in wading through an already existing backlog of warnings and known problems in Silva and Chancellor's respective fields.
"We want to show that this model can work with contractors working with open source communities," said Lorenc. "I'm going to show that it does work and it can work when we get results, and I'm going to try to encourage other people in the industry to do the same."
