Linux Conversations | Episode 7: SUSE Security – Protecting Enterprise Linux with Marcus Meissner

Welcome to ‘Linux Conversations’, where SUSE experts discuss all things Linux. Today, we delve into the critical topic of SUSE Linux security with Marcus Meissner, Distinguished Engineer for Security and Certifications at SUSE. Marcus brings extensive experience to the table, having worked in product security at SUSE since 2002.

Interview

Rick Spencer: Hey Marcus, it’s good to see you this morning. To start, could you please introduce yourself and tell us a bit about your role at SUSE?

Marcus Meissner: Hi Rick, thanks for having me. I’m Marcus Meissner, Distinguished Engineer for Security and Certifications. I also manage projects within the product security team. I’ve been with SUSE since 2002, focusing on the security of all our Linux products.

Rick Spencer: That’s a long tenure! So, in your role, do you primarily focus on proactive security measures or responding to security incidents?

Marcus Meissner: It’s a blend of both. We aim to ship a secure product, conducting design reviews and audits to minimize vulnerabilities. However, security incidents are inevitable, so we’re also heavily involved in incident response.

Rick Spencer: And you also work with certifications, correct?

Marcus Meissner: Yes, I support our certifications team as a subject matter expert, particularly with Common Criteria and FIPS certifications.

Rick Spencer: So, how does SUSE ensure the products are secure from the start?

Marcus Meissner: We have automated processes within our Open Build Service that detect new setuid root binaries or services. These are then reviewed and listed as allowed by our team. We also guide developers on secure coding practices.

Rick Spencer: It sounds like you’re preventing privilege escalation from the ground up.

Marcus Meissner: Exactly. We aim to minimize the need for root access and apply hardening measures wherever possible. We also conduct final security reviews before product releases.

Rick Spencer: Even with proactive measures, security vulnerabilities exist. How does SUSE handle security incidents, especially zero-day exploits?

Marcus Meissner: We participate in embargoed CVE mailing lists to get early warnings about critical vulnerabilities. We also have internal processes for handling these disclosures and preparing timely updates.

Rick Spencer: So, SUSE is actively involved in the security community.

Marcus Meissner: Yes, we contribute to and collaborate with the broader security community, including our competitors, to improve overall Linux security..

Rick Spencer: How does SUSE handle the large volume of CVEs that affect your products?

Marcus Meissner: We have our own tooling to manage and track CVEs, allowing us to coordinate fixes efficiently. We also provide automation data for customers and third-party scanners.

Rick Spencer: Finally, what would you like to say to enterprise customers about SUSE Linux security?

Marcus Meissner: We have robust and certified processes and tooling to ensure security. We strive to balance security and functionality, and we provide timely incident response. We understand that security is a top priority for our customers.

Rick Spencer: Thank you, Marcus. Your work helps many people sleep better at night!

Conclusion

Marcus Meissner’s insights highlight SUSE’s commitment to Linux security, from proactive design reviews to rapid incident response. With robust tooling and active participation in the security community, SUSE aims to provide a secure and reliable Linux experience for enterprise customers.

For more information on SUSE security practices, please visit our website. Stay tuned for more interviews in our “Linux Conversations” series, where we explore the dynamic world of Linux with experts from SUSE.

More from this Series:

• Linux Conversations | Episode 1: Running Multi-Linux Environments in Production with Donald Vosburg
• Linux Conversations | Episode 2: The Future of SUSE Multi-Linux with Johannes Hahn
• Linux Conversations | Episode 3: Fixing the Unfixable with William Preston
• Linux Conversations | Episode 4: 25 Years of Linux Evolution with Matthias Eckermann
• Linux Conversations | Episode 5: Securing the Untrusted: How Confidential Computing Protects Your Data with Joerg Roedel
• Linux Conversations | Episode 6: 25 Years of SUSE Expertise on SAP Infrastructure Supporting SAP’s Hybrid Cloud Journey with Tobias Kutning
• Linux Conversations | Episode 7: SUSE Security – Protecting Enterprise Linux with Marcus Meissner
• Linux Conversations | Episode 8: Ensuring SAP Quality: The Collaborative Automation Journey with Haris Sehic
• Linux Conversations | Episode 9: SUSE Security – The Gold Standard of Enterprise Linux Security and Compliance with Dietrich Banschbach and Knut Trepte
• Linux Conversations | Episode 10: Powering Linux Innovation: SUSE’s Critical Silicon Partnerships with Jose Betancourt

Stay tuned for more interviews in our Linux Conversations series—follow our blog or subscribe for the latest insights from SUSE Linux experts.

*Disclaimer: This transcript has been lightly edited for clarity and readability.*