Kevin Beaumont on Nostr: If anybody is wondering if there’s been academic research about deliberately ...
If anybody is wondering if there’s been academic research about deliberately submitting vulnerabilities into open source - yes.
“On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits” was a multi-year research study by people at the University of Minnesota where they submitted exploitable vulnerabilities into the Linux kernel.
PDF: https://linuxreviews.org/images/d/d9/OpenSourceInsecurity.pdf