LOS ANGELES—Twenty-six years ago, Linus Torvalds started the Linux operating system, and at the Open Source Summit here on Sept. 11, Torvalds detailed his views on security, development and collaboration and why he’s still having fun working on Linux.
Torvalds was asked in a keynote conversation with Linux Foundation Executive Director Jim Zemlin about the current state of security in Linux, especially given that the open-source Struts project has been alleged to be the root cause of the recent Equifax data breach.
“The concept of absolute security doesn’t exist,” Torvalds said. “Even if we do a perfect job—and we try to do that—let’s be honest, there will always be bugs.”
Torvalds added that the Linux kernel is subject to a lot of security checks, including static analysis and fuzz testing, to help identify vulnerabilities. Fuzz testing involves generating random inputs for software in an attempt to trigger an error condition. Torvalds said random inputs provide a very powerful way of finding bugs and improving security.
“You may not reach absolute security, but people that deploy default models are so much better off today; we’re making obvious improvements,” Torvalds said of Linux kernel security.
Torvalds also noted that as a technical person he is impressed by the ingenuity of the people who attack Linux code.
“There are smart people doing bad things. I wish they were on our side, and they could help us,” Torvalds said. “Where I want us to go is to get as many smart people as we can before they turn to the dark side.
“We would improve security that way and get those who are interested in security to come to us before they attack us,” he added.
Corporate Linux
Linux is increasingly developed by people who work for companies. Torvalds said he’s a big fan of the continued professionalization of open source.
“It’s very important to have companies in open source. It’s one thing I have been very happy about,” Torvalds said. “Linux came out of the free software movement, and there was a lot of anti-commercial sentiment.”
Torvalds said he has long disagreed with the idea that corporate interests and open-source developers cannot work together.
“You should not hate companies that can bring you work and bring you users,” he said. “Users are what really matter, and a lot of the people you want to reach need to have support and documentation.”
User support is an area in which commercial interests play a pivotal role in open source, in Torvalds’ view.
“It’s not about the small guy against the big companies; it’s about collaboration,” he said.
Zemlin asked Torvalds what continues to motivate him to work on Linux, and his answer was that he’s really happy that he gets to work on something that is meaningful. While Torvalds is world-renowned, he noted that his actual working environment is anything but glamorous.
“I work from my home office in a bathrobe. It’s not a glamorous life,” Torvalds said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.