Linux kernel security work
4 months ago
Tags: #CVE, #Security, #Linux Kernel

- The Linux kernel security team focuses on fixing reported security bugs without public announcements.
- Security team members are independent volunteers, not affiliated with any company.
- Bug reports should be sent in plain text emails without attachments or encryption.
- The team works reactively, involving subsystem maintainers as needed for fixes.
- No embargoes longer than 7 days are allowed for fixes.
- The kernel does not mark security fixes differently, treating all bugs equally.
- A separate CVE team assigns CVEs after fixes are public.
- Hardware security issues may require a special encrypted email list and longer embargoes.
- The security team was formalized in 2005 to centralize bug reporting.