In
July, Microsoft announced it is now seeking advice from the Linux development
community. The company has now officially been admitted to the closed
Linux-distro list. The news was met with some dismay at first, but it’s a move
that makes a great deal of sense, and not just because Linux has a reputation
for being a bit more secure than any of Microsoft’s products. [1]
Microsoft
is no stranger to security
vulnerabilities in products both old and new. That’s really no surprise, of
course. It’s the most widely-used operating system in the world, holding approximately 78
percent of the global desktop market share, and about 36 percent across all platforms.
That
means it’s simply more cost-effective for criminals to target and exploit
Microsoft vulnerabilities in lieu of a platform like OS X or Linux.
That
isn’t to say Microsoft is entirely blameless here, of course. On more than one
occasion, the company has failed to patch a
zero-day exploit. On more
than one occasion, security features in Windows 10 – purportedly the company’s
most secure OS to date – have been broken by
official updates.
If
it is to maintain its market dominance, particularly in enterprise, the company
needs to do better. And it recognizes that. It’s why the company recently
joined the Linux Distribution
Security Contacts List.
The
list is intended to foster discussion and provide information about security
issues that have yet to be made public. This gives its members the opportunity
to address the issues before they become common knowledge. The conversation includes developers from Linux
distros such as FreeBSD and NetBSD as well as professionals from Red Hat,
Amazon Web Services, and Oracle.
From
a security perspective alone, it makes sense for Microsoft to be a part of
these discussions. But that’s not the only reason this is a good first step.
For one, the company confirmed that it plans to
ship a Linux kernel through Windows 10. Moreover, it is for all
intents and purposes a Linux distributor already, as emphasized by the
Microsoft Linux kernel developer Sasha Levin, who noted in a now-public email
thread
that the company’s client-base already uses a number of distro-like builds.
“Microsoft
wanted in because, while Windows sure isn’t Linux, the company is, in fact, a
Linux distributor,” reads a piece on tech
publication ZDNet. “[Levin] pointed out Microsoft has several
distro-like builds, which are not derivative of an existing distribution, that
are based on open-source components.”
“Per
our current policy and precedents, I see no valid reasons not to subscribe
Microsoft…to Linux-distros,” wrote Alexander
Peslyak, founder of open-source security site Openwall, in the same thread. “Microsoft doesn’t look all
that different from many other large corporations, including some which already
have their Linux distro teams represented on the list.”
Even
if Microsoft did not have such a long
history with Linux, joining the mailing list is a good move on the company’s
part. It means that the tech titan has finally acknowledged the truth that many
of us have known for quite some time. That where cybersecurity is concerned,
competition cannot take a front-seat
ahead of collaboration.
That
is to say unless we all work together, there’s no feasible way we can stop the
inevitable march of cyber-crime. In short, Microsoft’s membership in this
distribution list is a good first step no matter your perspective. I’m
interested in seeing where it goes from here.
Tim Mullahy, Executive Vice President and Managing Director at Liberty Center One.
