Linux Code Security: Today's Top Code Quality Issue
Don Marti is chair of Open Source World (previously LinuxWorld). A Linux user since 1994, Don has been a writer, editor, professional services consultant, and conference organizer. Marti walks us through Linux security from the developer perspective and shares his thoughts on today’s biggest code quality issues, open source advantages and best practices for proprietary and OSS teams.
Q. So you’ve been coding with Linux since practically the dawn of the kernel. What is the appeal for you? Is Linux an obvious choice for certain developers and, if so, for what reasons?
A. The advantage of Linux is that you can keep your suppliers honest by being able to go elsewhere. Senescent IT companies either fail, or squeeze their users for short-term revenue at the expense of quality, or both. Linux lets the actual product survive a company’s end. The other advantage is that you can strip out the functionality you don’t need. Your security and quality risks are lower when you can turn stuff off, either at the source code level or the install level.
Q. In the time that you’ve been involved with Linux, have you observed if the “strength” of the code base grown or changed?
A. I’ve been running Linux since 1994, and in that time almost everything has been rewritten a couple of times. The complexity has grown a lot, but the level of work you can get done with an out-of-the-box install has grown way more, so I can’t complain.
Q. From your experience, what has been the Linux community’s perception of quality and security in the Linux code base? Has concern been voiced and addressed and how?
A. There has always been tension between fast feature changes and code quality. Everybody has a different comfort level, and almost all users want a version that’s stable and tested and never changes — except, of course, for the one essential feature I want.
Q. Has concern for Linux code security been tackled from a community manager perspective?
A. For Linux proper, the kernel, no. There’s no “community manager” for the kernel developers, and I wouldn’t wish that job on anybody.
If you expand the question to include all the software subsystems that go into a “Linux” install, then yes. Many of them have community managers and well-established security protocols.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
linux
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
