Vault 7 fallout: Linux Foundation says it's "not surprising" Linux is targeted
In the wake of WikiLeaks' Vault 7 CIA leaks, Apple has been quick to point out that vulnerabilities mentioned in the documents have already been addressed. Microsoft and Samsung have said they are "looking into" things, and now the Linux Foundation has spoken out.
Nicko van Someren, Chief Technology Officer at The Linux Foundation, says that while it is "not surprising" that Linux would find itself a target, the open source project has a very fast release cycle, meaning that kernel updates are released every few days to address issues that are found.
The rapid release cycle means that vulnerabilities can be fixed faster than in other software. "Linux is an incredibly active open source project. Thousands of professional developers and volunteers - including many of the most talented in the world - are constantly contributing improvements and fixes to the project. This allows the kernel team to release updates every few days -- one of the fastest release cycles in the industry. Rapid release cycles enable the open source community to fix vulnerabilities and release those fixes to users faster," says van Someren.
He is not surprised to learn that Linux may have been targeted because it is "a very widely used operating system, with a huge installed base all around the world."
He goes on to say:
"Further, The Linux Foundation's Core Infrastructure Initiative (CII), which has the backing of many leading technology companies, is working to actively assist open source projects globally to help them develop their code using best practices proven to yield more secure results. Decades of software development tell us software will never be bug free. Through the work of open source communities, assistance from programs like CII and engagement with a vast pool of talent and support from contributing companies, we can enable open source software communities to continue producing some of the most secure software on the planet."
Just as with Apple's response, the Linux Foundation does not make reference to any specific vulnerabilities that have been fixed.