Holy shit I think I lost brain cells after reading all the comments... How did you nitwits end up on the topic of supposed ""SJWs"", one goober screaming about the "CODE OF CONDUCT", and China????? It is fully possible to discuss this whole issue without going into any of that BS. Here, I'll do it myself:

The way that this "study" was carried out was incredibly irresponsible. This was missing an essential part of any ethical pen-test: making sure the target is aware of the whole plan. I'm not sure if any of the Linux kernel maintainers would've agreed to that, or if that would've potentially "tampered" with the results, but that's the only way this could've been done without pissing everyone off. This was an unethical, non-consensual pen-test, and all in all, a very very stupid idea in the first place. Common sense is important.

You needn't worry about that, People have argued math's "correct vs incorrect" approach is somehow about white supremacy already. This will be a piece of cake.

And no, I'm not joking: https://eu.monroenews.com/story/opin...ng/4628230001/

What kind of research requires them to do this more than 200 times?

Yah, this is basically exactly what they were doing, they discuss this concept and approach in the paper that the prof published.

Honestly our whole western education system needs a major reset.

Well. At least they're not studying school massacres or the problem with rapes on campus or something like that. That would be _really_ scary.

You need a big enough sample size so it cannot be said to be a fluke error. I would guess they were aiming for over 1000 times at least. Of course the danger of causing a major screw up from this kind of research should have had it stopped at board of ethics are dangerous. Yes needing a broad sample size was taking a high risk of getting adverse response from Linux kernel developers.

Before universities started mandating boards of ethics there were studies of effect of rape with intentional rapes inside some university campus on female student who were about to fail out of course. So horible rapes on campus have been studied that way a long way back. No one was nuts enough to-do school massacres as far as I know I could be wrong but I hope not. Of course a well functioning board of ethics is meant to stop these levels of stupidity in their tracks.

Horrible there is a valid Company reason to add bugs.

Yes it called the Bebugging process where you intentionally add bugs to beta products that testers should report if they are doing the testing they are being paid to do.

Of course you are not meant to-do this to final production code or without the knowledge of those making final production code.

pmorph there are valid and legal reasons to-do almost anything. The process the university was doing with maintainer approval would not have been problem legally but it was without approval. Like could I have this pile of known defective patches put into Linux kernel next branch to check out detecting and testing rate with the kernel developers knowing this patches have to be removed before production releases would have been Bebugging. This could be used to detect areas in the Linux kernel tree that are not getting regular testing. Of course selling this to the Linux kernel maintainers would be a uphill battle.

Remember you can do almost anything legally and above board just to require more paperwork and agreements and consideration risks or you can do what the University here did take the easy way out and do something illegal because you don't have the correct agreements and consideration of risks in place to control the risk.

Yes beta test software having a 90 day functionality time out added is one of the risk mitigation when doing Bebugging so even if a security fault is add in by the Bebugging in 90 days fault should no longer be in the wild to be exploited and this generally faster than attackers can find a fault and create the tools to take advantage of a fault. Consideration of risk and the required mitigation this is not present in this universities study or any of the actions they have been doing.

To know the percentage of the malicious commits that get caught.

Will this have an impact on the current 5.12 release plan?

Some people saying about 'ethics' must be living in a dream. It's enough to check the news to notice there's mostly no ethics in 'our era'. It seems for many people it's 'ethical' to use atomic bombs against civilians, destroy Afghanistan, Iraq, Syria and their legacy, treat people like slaves (some corporations for example), conduct medical experiments, spread lies all the time in medias (welcome CNN and NYT). If someone expects 'ethics' from mentioned people or institutions then it's his fault.

However, it's nothing. Microsoft intentionally spies its users, so who cares?