Stealthily Introducing Vulnerabilities News Today : Breaking News, Live Updates & Top Stories | Vimarsana

The University of Minnesota Banned by Linux – Why Open Source is Problematic

The University of Minnesota Banned by Linux – Why Open Source is Problematic Recently, two researchers from the University of Minnesota and fellow graduates could upload intentionally buggy code and junk code into the Linux Kernel and accepted by the community. Why did the researchers do this, how did the Linux community react, and what does this demonstrate about open source software? Researchers Upload Buggy Code to Demonstrate Security Flaws Recently, a paper was released by the University of Minnesota written by Qiushi Wu and Kanhjie Lu titled “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”. The paper describes how the two researchers could generate code that claims to fix one bug in the Linux kernel while intentionally introducing other bugs. The Linux kernel is open-source, and as such, can be accessed by the wider community, and anyone can suggest changes to the code via submissions.

Greg kroah hartmanQiushi wuKanhjie luSource softwareUniversity of minnesotaLinux foundationLinux kernelUpload buggy codeDemonstrate securityStealthily introducing vulnerabilitiesOpen source softwareமூல மென்பொருள்பல்கலைக்கழகம் ஆஃப் மினசோட்டாலினக்ஸ் அடித்தளம்லினக்ஸ் கர்னல்திறந்த மூல மென்பொருள்

This Week in Programming: Should Trust Have a Home in Open Source Security? – The New Stack

When the Linux maintainers found out about this, they quickly banned the entire university from Linux development, before the Linux Foundationsent the university a list of demands, to which it would seem the university quickly acceded, pulling its paper from an IEEE conference to which it was accepted and agreeing to provide “all information necessary to identify all proposals of known-vulnerable code from any U of MN experiment.” Linux kernel developers do not like being experimented on, we have enough real work to do: https://t.co/vWvtxjt7A5 Now, you might find yourself thinking, as do I, that, uninformed of the ethical requirements of security research, and not perfectly in the know of how these sorts of things work, that it illuminates something nonetheless. Various commenters in numerous threads point out that the ability to submit a bug of this sort was already a known threat and that proving it could be done achieved little.

Ian coldwaterJonathan corbettRob sutterScott hanselmanMatthew greenSource softwareUniversity of minnesotaTrust foundationStealthily introducing vulnerabilitiesOpen source softwareHypocrite commitsLinux foundationsentGregk hLinux weekly newsGets rustySource control

How a university got itself banned from the Linux kernel

How a university got itself banned from the Linux kernel The University of Minnesota’s path to banishment was long, turbulent, and full of emotion On the evening of April 6th, a student emailed a patch to a list of developers. Fifteen days later, the University of Minnesota was banned from contributing to the Linux kernel. “I suggest you find a different community to do experiments on,” wrote Linux Foundation fellow Greg Kroah-Hartman in a livid email. “You are not welcome here.” How did one email lead to a university-wide ban? I’ve spent the past week digging into this world the players, the jargon, the university’s turbulent history with open-source software, the devoted and principled Linux kernel community. None of the University of Minnesota researchers would talk to me for this story. But among the other major characters the Linux developers there was no such hesitancy. This was a community eager to speak; it was a community betrayed.

United statesUniversity of minnesotaKenneth whiteDan gilchristGreg scottKangjie luGreg kroah hartmanAditya pakkiQiushi wuJonathan corbetLoren terveenMike dolanSource softwareLinux foundation technical advisory boardLinux foundation onLinux foundation

The Linux Foundation s demands to the University of Minnesota for its bad Linux patches security project

The Linux Foundation s demands to the University of Minnesota for its bad Linux patches security project ZDNet 4 hrs ago © Fatos Bytyqi To say that Linux kernel developers are livid about a pair of University of Minnesota (UMN) graduate students playing at inserting security vulnerabilities into the Linux kernel for the purposes of a research paper On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits is a gross understatement. Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch, well-known for being the most generous and easygoing of the Linux kernel maintainers, exploded and banned UMN developers from working on the Linux kernel. That was because their patches had been obviously submitted in bad faith with the intent to cause problems.

Greg kroah hartmanQiushi wuFatos bytyqiAditya pakkiKangjie luAl viroMike dolanSource softwareLinux foundation technical advisory boardUniversity of minnesotaLinux foundationComputer science engineering departmentStealthily introducing vulnerabilitiesOpen source softwareEngineering departmentTechnical advisory board

L Université du Minnesota interdite de contribution au noyau Linux

L Université du Minnesota interdite de contribution au noyau Linux
lemondeinformatique.fr - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from lemondeinformatique.fr Daily Mail and Mail on Sunday newspapers.

United statesQiushi wuFoundation linuxStealthily introducing vulnerabilitiesLinux stableஒன்றுபட்டது மாநிலங்களில்