I guess, even in the intelligent coding/open source community, whistle blowers are not revered but are cast outs. Linux open source team decided to ban University of Minnesota outright for research how easy it is to introduce a Linux kernel backdoor vulnerability into the delivery supply chain. Opps, to close to comfort. Really a sophomoric/moronic response.
However you feel about what these researchers did (Chris Gaun, for example, argued, "A researcher showed how vulnerabilities can EASILY make it through [the] approval process"), this isn't really about Linux, or open source, security. It's always been the case that it's possible to get bad code into good open source projects. Open source software isn't inherently secure. Rather, it's the open source process that is secure, and while that process kicks in during development, it's arguably most potent after vulnerabilities are discovered.
Research Paper : qiushiwu.github.io/OpenSourceInsecurity.pdf at main · QiushiWu/qiushiwu.github.io
No comments:
Post a Comment