University Suspends Project After Researchers Submitted Vulnerable Linux Patches
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.
The University of Minnesota has suspended a research project after complaints that two student researchers submitted intentionally vulnerable code to the maintainers of the Linux kernel as a way to investigate whether supply chain integrity issues affected the widely used Linux ecosystem.
At the core of the kerfuffle is a research paper accepted to next month's prestigious IEEE Symposium on Security and Privacy. The paper describes a research project that aimed to determine the resilience of open source software projects to purposely flawed patches, through which attackers could introduce vulnerabilities to be exploited at a later time. The researchers submitted at least three updates that could have added vulner