The University of Minnesota Banned by Linux – Why Open Source is Problematic
Recently, two researchers from the University of Minnesota and fellow graduates could upload intentionally buggy code and junk code into the Linux Kernel and accepted by the community. Why did the researchers do this, how did the Linux community react, and what does this demonstrate about open source software?
Researchers Upload Buggy Code to Demonstrate Security Flaws
Recently, a paper was released by the University of Minnesota written by Qiushi Wu and Kanhjie Lu titled “On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits”. The paper describes how the two researchers could generate code that claims to fix one bug in the Linux kernel while intentionally introducing other bugs. The Linux kernel is open-source, and as such, can be accessed by the wider community, and anyone can suggest changes to the code via submissions.