The Linux Foundation has announced that Google has provided funding to help maintain security mechanisms in the Linux kernel and harden kernel security. Gustavo Silva and Nathan Chancellor will be employed full-time.
Nathan is known for his work in ensuring that the Linux kernel is built using the Clang compiler and for building compile-time security mechanisms such as CFI (Control Flow Integrity). Nathan's next work at the first stage will focus on fixing all the errors that pop up when using Clang/LLVM, and implementing a continuous integration system for testing builds based on Clang. Once the known issues are resolved, work will begin on adding additional security enhancements to the kernel provided by the Clang compiler.
Gustavo is one of the active participants in the KSPP (Kernel Self Protection Project) project to promote active protection technologies in the Linux kernel. Gustavo's main task will be to eliminate some classes of buffer overflows by replacing all instances of arrays that have zero length or contain only one element with a dimensionless array declaration (Flexible Array Member). In addition, Gustavo will deal with fixing errors in the code before it enters the main part of the kernel, and developing active protection mechanisms in the kernel.
Source: opennet.ru