When this occurs, issues are disclosed in a closed Linux-distro list. In other words, this is a specific distro that is not open and only accessible by invited members. Microsoft has been going big on open source in recent years, including with a Linux distro for Windows 10. Now, the company wants to be a part of the restricted closed security list. As you would expect, the biggest Linux distros are part of the list, such as SUSE, Red Hat, Debian, and Canonical. Microsoft is a massive company and is now a distributor of Linux, so clearly believes it should be a part of the exclusive list. Essentially, the list is a way for security bugs in the platform to be revealed privately. Such flaws are soon to be made public, with the list management asking developers who discover security bugs to keep them private for up to 14 days.
Experience
Microsoft’s entire reasoning for being placed on the list is that is now a distributor. The company’s kernel developer, Sasha Levin has made a request to join the private distro. “Microsoft has decades long history of addressing security issues via [the Microsoft Security Response Center] MSRC. While we are able to quickly (<1-2 hours) create a build to address disclosed security issues, we require extensive testing and validation before we make these builds public. Being members of this mailing list would provide us the additional time we need for extensive testing.” Current members of the list will conduct a vote in the coming days to decide if Microsoft should become a member.