MEDIA ADVISORY: CIQ White Paper Quantifies Volume of Back-Ported Bugs in Stable Branches of Popular Linux Builds
Paper is intended to highlight an "open secret" in the Linux community: that the vendor kernel model is broken and cannot be fixed, and that an upstream stable kernel provides much greater protection from security vulnerabilities.
RENO, Nev., May 16, 2024 /PRNewswire-PRWeb/ -- CIQ, the company leading the next generation of software infrastructure for enterprises, has published a white paper titled "Vendor Kernels, Bugs and Stability." The paper is intended to put numbers around an open secret in the Linux community, specifically, that vendor kernels are inherently insecure and that the current engineering process makes securing those kernels impossible. Instead, the paper advocates, consuming upstream stable kernels affords much greater protection from security vulnerabilities that are routinely back-ported in error into vendor kernels.
The paper's authors maintain that "this creates a strong incentive" for customers concerned with keeping their systems secure to subscribe to and use a stable kernel instead of a vendor kernel. "We believe that the only realistic way for a customer to know they run a kernel that is as secure as possible is to switch to a stable kernel branch."
The paper lists four conclusions:
- The vendor kernel model is broken. It cannot be fixed.
- A vendor kernel is an insecure kernel. A late cycle stabilized vendor kernel is doubly so.
- There are just too many known open bugs. It is not feasible to analyze or classify them all.
- An upstream stable kernel provides much greater protection from security vulnerabilities and general bugs in the kernel code.
The white paper is free and open for download at: https://ciq.com/whitepaper/vendor-kernels-bugs-stability/