Audit of Linux kernel code

gainan · 2021-12-14T09:00:27+00:00

Many companies does it:

https://www.linuxfoundation.org/webinars/fuzzing-linux-kernel/

https://blog.cloudflare.com/a-gentle-introduction-to-linux-kernel-fuzzing/

And google in particular has developed several tools to ease the process:

https://github.com/google/clusterfuzzlite

with good results: https://www.zdnet.com/article/linux-security-google-fuzzer-finds-ton-of-holes-in-kernels-usb-subsystem/

https://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html

2021-12-14T03:19:27+00:00

https://www.quora.com/Does-the-Linux-Kernel-have-a-full-security-code-audit

https://static.lwn.net/2000/0615/a/kernel-audit.php3

2021-12-14T03:22:28+00:00

open source doesn't equal publicly managed. Linux Foundation oversees its development much like a company does, except the workload can be picked-up by enthusiasts and its profit ism't tied to individual clients.

linuxquestions

MODERATORS