Supply chain attacks are becoming increasingly common — and are just as devastating as ever, said Jon Gaines, senior application security consultant at nVisium. So, for someone as renowned as Linus Torvalds to make a statement that moves forward Linux’s integrity in terms of ease of development and security is “such a positive development,” Gaines said.
“This need has been around for years and his approach to developing tools that make cryptographically-signed software simpler and easier has been incredibly useful to the Linux community,” said Gaines. “I do hope it doesn’t get bogged down or get put behind a price tag, but hopefully that won’t be the case. This entire development most likely would have helped mitigate some vulnerabilities found that were already baked into the Linux Kernel in the past.”