
Researchers from the University of Minnesota submitted intentionally faulty code to the Linux kernel, and almost got away with it. Their research paper, “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits,” was published February 10.

The researchers, in the name of academia, decided to commit flawed code (that would, in turn, introduce other serious issues) into the Linux kernel, to prove they could do it.

Because of these actions, the entire university was banned from submitting patches to the Linux kernel.

The researchers themselves concluded in their paper that open source projects should develop codes of conduct forbidding “hypocrite patches,” and that the projects should use robust testing and vulnerability discovery tools for incoming patches.
