NEWS: @Google funds Linux kernel developers to focus exclusively on security: https://bit.ly/3pUnrL4 #linux #linuxkernel #security #supplychain #oss @nathanchance
-
"downstream" only has to take the weekly stable/LTS releases to get all known security and bug fixes (i.e. security fixes we don't know about yet). How much easier can it get for them, we provide it all fully tested!
Companies have verified over the years that taking these releases means that all published CVEs are fixed _before_ they are announced, given that the average CVE request-to-release is -100 days (meaning the fix has been public for 100 days before the CVE was asked for.)
