Kees Cook of the Google Open Source Security Team described on Google's blogs the problems of Linux-based operating systems, including Android. According to him, the Linux kernel contains a lot of vulnerabilities, and the existing approach of operating system developers and device manufacturers does not allow them to be fixed quickly.
Kees Cook writes that about a hundred vulnerabilities are closed in the Linux kernel every week, and these are only the ones that become known to information security specialists. There are also zero-day vulnerabilities that developers are not aware of but that attackers can exploit.
Makers of Linux-based operating systems are reluctant to adopt new versions of the kernel, as this is fraught with compatibility issues. Because of this, Android smartphones, for example, mainly use a Linux kernel that is already several years old. Such a kernel is vulnerable to hacker attacks and viruses.
Kees Cook also points out other Linux problems. The kernel of this operating system has grown to over 25 million lines and is written in the legacy C language, which introduces additional security concerns. In addition, Linux developers mostly communicate via email and ignore more advanced, productive ways of communicating.
Cook suggested that Linux kernel developers switch to a secure programming language like Rust, increase the number of staff looking for bugs and vulnerabilities, and stop communicating by email in favor of specialized task managers and automated development and bug tracking systems.