University of Minnesota Banned from Contributing to Linux Kernel for Intentionally Introducing Security Vulnerabilities (for Research Purposes)
Their initial research paper is here; there is no word yet on the follow-up paper that is generating the new batch of shit commits: [https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf](https://raw.githubusercontent.com/QiushiWu/qiushiwu.github.io/main/papers/OpenSourceInsecurity.pdf)
What do you think? I suppose the biggest question on my mind is: clearly this is unethical, but do you feel it needed to be done?
Does the value of the research outweigh the security cost, maintainer time, and penalty to UMN? Or was this functionally known – that vulnerabilities could be introduced by FOSS contributors – and confirming an obvious take against such an influential project was just a move for clout?