Most open-source development work, like the name says, is done in the open. The exception is the first stages of security work. Unpatched security holes, however, are discussed and fixed behind closed doors. Now, Microsoft has been admitted[1] to the closed linux-distro list[2].
Microsoft wanted in because, while Windows sure isn't Linux, the company is, in fact, a Linux distributor. Sasha Levin, a Microsoft Linux kernel developer, pointed out Microsoft has several distro-like builds -- which are not derivative of an existing distribution -- that are based on open-source components. These are:
- Azure Sphere[3]: This Linux-based IoT device provides, among various things, security updates to deployed IoT devices. As the project is about to step out of public preview into the GA stage, we expect millions of these devices to be publicly used.
- Windows Subsystem for Linux v2[4]: A Linux based distro that runs as a virtual machine on top of Windows hosts. WSL2 is currently available for public preview and schedule for GA early 2020.
- Products such as Azure HDInsight[5] and the Azure Kubernetes Service[6] provide public access to a Linux based distribution.
In addition, Levin asked in, because:
"Microsoft has decades long history of addressing security issues via [the Microsoft Security Response Center] MSRC[7]. While we are able to quickly (<1-2 hours) create a build to address disclosed security issues, we require extensive testing and validation before