On April 20, the world became aware of a research program conducted out of the University of Minnesota (UMN) that involved submitting intentionally buggy patches for inclusion into the Linux kernel. Since then, a paper resulting from this work has been withdrawn, various letters have gone back and forth, and numerous patches from UMN have been audited. It's clearly time for an update on the situation.
Good. That was an overreaction and a little silly.
Ethical issues aside, the research does highlight valid problems. I’d like to see the maintainers or the Linux Foundation address those problems and at least begin a discussion on how they could make the system better in the future to strengthen the review process.
Plus at least this time it was just a university conducting an experiment. I’m sure there are more serious attempts at compromising kernel security by entities like the NSA.
Good. That was an overreaction and a little silly.
Ethical issues aside, the research does highlight valid problems. I’d like to see the maintainers or the Linux Foundation address those problems and at least begin a discussion on how they could make the system better in the future to strengthen the review process.
Plus at least this time it was just a university conducting an experiment. I’m sure there are more serious attempts at compromising kernel security by entities like the NSA.