Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

More than 80 Linux devs called on to help to fix 'mess' created by rogue contributors

Image Description

It took over 80 developers to review the Linux kernel and ensure it was free of tainted code recently submitted by University of Minnesota (UNM) researchers.

The “Hypocrite Commits” row erupted last month when senior kernel developer Greg Kroah-Hartman urged the community to review all contributions made by UNM after catching researchers from the university deliberately sending compromised code submissions to the kernel.

Turning in a set of fixes for the current under development kernel release, Kroah-Hartman last week, noted that the majority of the changes are the result of the thorough review.

“That [review of past UNM submissions] resulted in a bunch of reverts along with the "correct" changes made, such that there is no regression of any of the potential fixes that were made by those individuals. I would like to thank the over 80 different developers who helped with the review and fixes for this mess,“ wrote Kroah-Hartman.

Herculean review

An analysis of Kroah-Hartman’s submission by Phoronix reveals that he reverted just over three dozen UNM patches spanning across several areas of the kernel, from the media subsystem to networking.

These 37 though were part of the over 150 patches that developers from UNM have submitted over the years and reviewing them all in a timely fashion took about seven dozen developers.

Earlier this month, the Linux Foundation’s Technical Advisory Board (TAB) prepared a report about the incident to share findings from the code review.

Importantly, TAB suggested that going forward UNM should consider getting all its submissions reviewed by an experienced developer, which is a review process that’s followed by many companies that contribute to the kernel. 

TAB considered this necessary in order “to re-establish the trust between UMN and the kernel community.”

Via The Register

Date

24 May 2021

Sources


Share


Other Blog

  • Windows 10 bug that’s dropping frame rates hasn’t been fixed after all

    Glitch that slows down games just won’t die, sadly, as reports are still coming in from affected users even after the fix.

    Read More
  • Most businesses don't think they could respond to a cyberattack today

    With cyber-threats evolving on a daily basis, talented workers being extremely difficult to find, and security tools being subpar compared to the arsenal of malicious actors, many organizations nowadays don’t feel confident in their ability to respond to incidents, or staying compliant with rules and legislation. 

    These are the conclusions in a new research paper from Rackspace Technology, which after surveying 1,420 IT decision-makers across numerous industries, found that two in five (39%) lack the confidence to tackle these issues. Just a third (36%) feel confident in their ability to stay compliant.

    The key problem - constantly evolving security threats, such as malware, and attack methods - was cited by almost two-thirds (60%) of respondents. Further on, more than half (53%) don’t have the necessary tools to properly identify security incidents across multi-cloud environments, something they hope will change, within the next three years. 

    Third parties to the rescue

    Then, there is the issue of talent. Almost half (44%) are struggling to find and retain talented cybersecurity workers. Those skilled in cloud security and data privacy are most in demand these days. To try and solve the problem, most UK businesses rely on in-house staff, with some third-party assistance. The majority, however, (56%) use up to five external cybersecurity providers, including Security Value Added Resellers, Managed Security Service Providers, and Managed Detection & Response Providers.

    Integrated risk, application security, and data security are the top three areas most likely outsourced, the report further found.

    For Andy Brierley, UK General Manager at Rackspace Technology, cybersecurity is extremely trick to address, mostly due to the accelerated pace at which digital transformation is happening in all the key sectors.

    “Given the current digital skills gap and ongoing recruitment challenges, it is important that businesses seek further support from third-party partners to help identify and address their weaknesses,” he said.

    “Few businesses have all bases covered – people, processes, and technology in place – when it comes to a mature cybersecurity model. Working with a partner that can bring these specialist skills and tailor them to specific requirements is an increasingly popular and effective way to ensure and increase overall confidence in addressing cybersecurity needs.”

    Make sure to also check out our list of the best firewall providers today

    Read More
  • Monday.com says its source code was hit in recent cyberattack

    Monday.com is the most recent victim of last month’s supply-chain attack on Codecov.

    Read More
  • Amazon Kindle Unlimited now lets you download double as many books

    Amazon Kindle Unlimited now lets you download double the books or comics at the same time.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us