Steven W, 2021-04-23 03:06 »
[quote]In February 2021, UMN researchers published a research paper titled, "Open Source Insecurity: Stealthily Introducing Vulnerabilities via Hypocrite Commits."
The focus of this research was to deliberately introduce known security vulnerabilities in the Linux kernel, by submitting malicious or insecure code patches.
As seen by BleepingComputer, the researchers demonstrate many examples of instances where they introduced known vulnerabilities by making these "hypocrite" patch commits...[/quote]
[quote]Greg,
I respectfully ask you to cease and desist from making wild accusations that are bordering on slander.
These patches were sent as part of a new static analyzer that I wrote and its sensitivity is obviously not great. I sent patches on the hopes to get feedback. We are not experts in the linux kernel and repeatedly making these statements is disgusting to hear.
Obviously, it is a wrong step but your preconceived biases are so strong that you make allegations without merit nor give us any benefit of doubt. I will not be sending any more patches due to the attitude that is not only unwelcome but also intimidating to newbies and non experts.[/quote]
Translated to English:
REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE, DAS RACIST AND YOU'RE PART OF THE PATRIARCHY! REEEEEEEEEEEEEEEEEEEEEEEEEEEE!
Of course these 'hypocrite patches' were signed off on by the University's Internal Review Board.
[quote]"We had carefully considered this issue, but could not figure out a better solution in this study," state the researchers.[/quote]
Scum of the earth.