Gandalf_The_Grey
In February 2024, the Linux kernel developer team took over assigning CVEs for the Linux kernel. They did so because new government regulations, such as those from the European Union, required open-source projects to take responsibility for known vulnerabilities.
In addition, as Kroah-Hartman explained at the time, while the CVE "system overall is broken in many ways... this change is a way for us to take more responsibility for this, and hopefully make the process better over time." It also made sure that no other group could assign Linux CVEs without the Linux developers getting their say.
Wait. Isn't 60 CVEs a week about problems that can stop your computer dead in its tracks something to worry about? Well, yes. Then again, no.
You see, Kroah-Hartman explained, today, the Linux kernel has "38 million lines of code. You only use a little bit of this. My laptop uses about one and a half million lines of code... Your phone, the most complex beast out there, uses about 4 million lines of code. So, out of everything, you're really using a small portion, but everybody uses a different portion, and that's an important thing to remember."
The Linux kernel team doesn't have a clue which portion you use in your product. Their job is to produce the core code that everyone uses, each with their own unique configuration and use case.
In short, don't get worked up about the sheer volume of CVEs. Just be sure to check that nothing in the latest bunch affects your setup. Far more often than not, it won't. To be truly safe, though, start updating your Linux kernel far more often than most of you do today.
Source: "Don't panic! It's only 60 Linux CVE security bulletins a week" (www.zdnet.com)
In security circles, Common Vulnerabilities and Exposures security bulletins can be downright scary. In Linux, however, it's just business as usual.
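As an added example (not code from the article, its author, or the kernel CVE team), here is the kind of check the closing advice calls for: take one CVE record and report whether a given kernel version falls inside its affected ranges, instead of reacting to the weekly count. It assumes the CVE JSON 5.x layout (containers.cna.affected[] blocks, each with a defaultStatus and versions[] entries carrying version / lessThan / lessThanOrEqual / status / versionType, with kernel version strings as bounds, "6.6.*" for a whole stable series and "*" for an open-ended range). Entries whose bounds are git commit hashes are deliberately treated as not comparable. The record embedded below is constructed for the example and its CVE id is a placeholder, not a real vulnerability.

```python
"""Check whether a kernel version falls inside a CVE record's affected ranges.

Added example, not from the ZDNet article or the kernel CVE team.  Assumes the
CVE JSON 5.x layout described in the lead-in; SAMPLE_RECORD is constructed and
its CVE id is a placeholder, not a real vulnerability.
"""
import json
import platform
import re

# major.minor[.patch|.*][-rcN]; '*' as patch means "the whole stable series"
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+|\*))?(?:-rc(\d+))?$")


def parse_version(text):
    """Turn '6.6.21', '6.8', '6.8-rc1' or '6.6.*' into a comparable tuple.

    A release candidate sorts before the final release of the same version
    (final releases get rc rank inf).  '0' is accepted as the lowest version.
    Anything else, e.g. a git commit hash, raises ValueError.
    """
    if text == "0":
        return (0, 0, 0, 0)
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a kernel version: {text!r}")
    major, minor, patch, rc = m.groups()
    patch_rank = float("inf") if patch == "*" else int(patch or 0)
    return (int(major), int(minor), patch_rank, int(rc) if rc else float("inf"))


def version_in_entry(running, entry):
    """True/False if `running` can be tested against one versions[] entry,
    None if its bounds are not kernel versions (e.g. versionType 'git')."""
    try:
        lo = parse_version(entry["version"])
        if running < lo:
            return False
        if "lessThan" in entry:
            hi = entry["lessThan"]
            return hi == "*" or running < parse_version(hi)
        if "lessThanOrEqual" in entry:
            hi = entry["lessThanOrEqual"]
            return hi == "*" or running <= parse_version(hi)
        return running == lo  # single-version entry
    except (ValueError, KeyError):
        return None


def affected_status(record, running_text):
    """Return 'affected', 'unaffected' or 'unknown' for a kernel version string.

    Per affected[] block: a matching explicit 'unaffected' range (the fix) wins,
    then a matching 'affected' range, then the block's defaultStatus.  Blocks
    with no comparable entries (git-hash ranges only) are skipped, so a record
    without version data yields 'unknown' rather than a false 'unaffected'.
    """
    running = parse_version(running_text)
    verdicts = []
    for block in record["containers"]["cna"]["affected"]:
        hits, comparable = [], False
        for entry in block.get("versions", []):
            result = version_in_entry(running, entry)
            if result is None:
                continue
            comparable = True
            if result:
                hits.append(entry.get("status", "affected"))
        if not comparable:
            continue
        if "unaffected" in hits:
            verdicts.append("unaffected")
        elif "affected" in hits:
            verdicts.append("affected")
        else:
            verdicts.append(block.get("defaultStatus", "unknown"))
    if "affected" in verdicts:
        return "affected"
    if "unaffected" in verdicts:
        return "unaffected"
    return "unknown"


def upstream_version_of(release):
    """Strip the distro suffix from uname -r: '6.6.21-1-generic' -> '6.6.21'."""
    m = re.match(r"^\d+\.\d+(?:\.\d+)?(?:-rc\d+)?", release)
    if not m:
        raise ValueError(f"cannot find a kernel version in {release!r}")
    return m.group(0)


# Constructed sample in the assumed CVE 5.x shape; the id is a placeholder.
SAMPLE_RECORD = json.loads("""
{"cveMetadata": {"cveId": "CVE-0000-0000"},
 "containers": {"cna": {"title": "constructed sample, not a real CVE",
  "affected": [
   {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected",
    "versions": [{"version": "0123456789abcdef0123", "lessThan": "fedcba9876543210fedc",
                  "status": "affected", "versionType": "git"}]},
   {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected",
    "versions": [
     {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"},
     {"version": "6.6.22", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"},
     {"version": "6.7.10", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"},
     {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}
  ]}}}
""")

if __name__ == "__main__":
    ver = upstream_version_of(platform.release())
    print(ver, affected_status(SAMPLE_RECORD, ver))
```

One caveat a practitioner should keep in mind when running this against a distribution kernel: distro vendors backport fixes without changing the upstream version number, so for them an "affected" verdict from the upstream version alone is an upper bound on exposure and the distribution's own advisory is the authoritative source. For vanilla stable kernels the version check is exact, which is why keeping the kernel current, as the article urges, is the simpler path.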