https://www.youtube.com/watch?v=F_Kza6fdkSU

So I wanted to highlight this talk from Brad Spengler about the state of Linux security. It's a damning report if you read even a little bit between the lines. And on many levels. As Halvar points out, Android deliberately avoided investing what they knew they needed to invest in platform security in the effort to gather significant early market share, even knowing it would harm their user-base in a multitude of ways.

And this kind of philosophical trade-off taken by companies filters into the Linux security ecosystem, creating Ogres of various sorts, like Calamity Ganon's corruption of various parts of Hyrule. For example, phones often run on an older Linux kernel, which means there is an economic incentive to backport features and security fixes to those kernels, or pretend you can.

Likewise, much of the effort of the Linux security community is focused on KASLR, which, Brad points out, is largely a waste of time.

He also talks about syzkaller, automated exploit generation, and a host of other things. Well worth a listen!

-dave