Microsoft recently revealed that it runs more Linux than Windows 10 jobs on their Azure servers. Keeping all those instances secure is obviously very important which may explain why Microsoft has applied to join one of the most important Linux security mailing lists.
The Linux-distros security list is a closed list for unreleased security issues to allow companies to discuss and develop fixes. The list currently includes developers from FreeBSD, NetBSD, and most of the major Linux distributors including Canonical, Debian, Red Hat, SUSE, and cloud Linux vendors such as Amazon Web Services (AWS) and Oracle.
Microsoft, as a new Linux distributor, applied to join the group with Sasha Levin, a Microsoft Linux kernel developer, noting:
“Microsoft has decades long history of addressing security issues via [the Microsoft Security Response Center] MSRC. While we are able to quickly (<1-2 hours) create a build to address disclosed security issues, we require extensive testing and validation before we make these builds public. Being members of this mailing list would provide us the additional time we need for extensive testing.”
He continued, saying “the Linux usage on our cloud has surpassed Windows, as a by-product of that MSRC has started receiving security reports of issues with Linux code both from users and vendors. It’s also the case that issues that are common for Windows and Linux (like those speculative hardware bugs).”
Microsoft’s application will be voted on in the next few weeks, but the company appears to have good support already, with Tyler Hicks, a Canonical Linux kernel engineer, writing: “They’ve been beneficial to the greater Linux community and I feel like their direct involvement on Linux-distros would benefit other members.”
Update: It has now been agreed that Microsoft can be admitted to the list, with the keeper noting that Microsoft should not be unfairly discriminated against due to stigma from very old events and views.