And for those curious, here’s the current stats for kernel CVEs reserved/assigned/rejected since we started just over a year ago:
Year Reserved Assigned Rejected A+R Total
2019: 47 2 1 3 50
2020: 36 14 0 14 50
2021: 20 728 23 751 771
2022: 20 1098 16 1114 1134
2023: 20 493 28 521 541
2024: 20 3067 84 3151 3171
2025: 1837 384 12 396 2233
Total: 2000 5786 164 5950 7950
How #Linux Kernel Deals With Tracking CVE #Security Issues: https://thenewstack.io/how-linux-kernel-deals-with-tracking-cve-security-issues/ via @TheNewStack & @sjvn
And why, all too soon, most #opensource projects must also manage their own Common Vulnerabilities and Exposures.
Excellent #keynote by @gregkh at #KubeCon #CloudNativeCon on why we need #Rust in the #Linux kernel, including:
➡️ Standardize, "automate" error handling
➡️ Enforce lock acquisition, automate release
➡️ Type safety
As an important side-effect, switching from C to Rust requires you to ensure APIs fit the cleaner error handling/locking/type paradigms.
To ensure Linux stays secure and maintainers sane.
He also recommended the following 90-minute presentation: https://newsletter.pragmaticengineer.com/p/how-linux-is-built-with-greg-kroah
Many in open source are still unaware of how the Cyber Resilience Act will impact projects and businesses. This blog breaks it down.
The initial set of speakers and talks for ER is now published. A few highlights:
- @gregkh on the EU Cyber Resiliency Act (CRA)
- barriers to security on embedded systems
- Steam OS impact on Linux ecosystem
- Functional Safety on Linux
- writing real-time applications
- fully open source CNC and 3D printing
and many more: https://embedded-recipes.org/2025/speakers/
Registration is now open for ER 2025! We hope you can join us this year in Nice, France.
https://embedded-recipes.org/2025/attend/
At least once a day I'm reminded of this slide from @bagder last year at FOSDEM
What comes after world domination?
This is the abstract for my scheduled talk at foss-north 2025 in April. What do you think is next?
Where's all the commentary and speculation for good kernel rust stories? https://www.phoronix.com/news/Linux-6.14-Faux-Bus-Merged
how to change the kernel[1]
1. assemble a sufficient coalition of willing fools
2. do it
3. if it works, ask for forgiveness, if it fails, quietly bury it and try the next thing
the more public success you pile up, the easier this gets. but if you fail at step 1, because your ego gets in the way, or you lack the political skills, or you think talking about anything non-technical is verboten, it will be endless amounts of pain and frustration
1: anything you want to change really
https://www.linuxfoundation.org/blog/navigating-global-regulations-and-open-source-us-ofac-sanctions
TL;DR: Maintainers can accept patches from sanctioned entities, but not request more details, or suggest changes for a v2...
It’s been a long time coming... and it's finally here!
We’re making all the resources from Kernel Recipes available to you, from the very start (yep, there are some gems in there!). It’s still a little rough around the edges in terms of interface, but it’s totally usable: slides, videos, photos, and drawings
Plus, don’t worry – we’re keeping last year’s site online, and the current one too. So, dive in and start exploring!
Enjoy! 🚀