Ethics isn't a county east of London, but it's the only way to look at security

Column The trouble with good ideas is that, taken together, they can be very bad. It's a good idea to worry about supply chain malware injection – ask SolarWinds – and a good idea to come up with ways to stop it. It's even a good idea to look at major open-source software projects, such as the Linux kernel, with their very open supply chain, and ask – is this particularly vulnerable? After all, a poisoned Linux kernel would be bad enough to make people forget SolarWinds.

Guess what? If you have all of those good ideas and decide to test the Linux kernel supply chain by poisoning it: you have had a bad idea. A very bad idea. An idea bad enough to get your entire university banned from kernel devland, as researchers from Minnesota found out