What any researcher needs to accomplish: more publications
What journal is going to accept a study like this if they haven't obtained proper consent?
IEEE, see the publications list at https://www-users.cs.umn.edu/~kjlu/
>>>On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits Qiushi Wu, and Kangjie Lu. To appear in Proceedings of the 42nd IEEE Symposium on Security and Privacy (Oakland'21). Virtual conference, May 2021.
My guess is: a journal that does not focus on studies of human behavior and whose editors are a) not aware of the ethical problems or b) happy to ignore ethics concerns if the publication is prone to receive much attention (which it is).
The IEEE apparently. It is a clear breach of ethics but apparently they don't care
That might be an interesting topic for research LoL
That’s about as useful as to answer the question “what is this company doing?” with “trying to make money”.
But that question is as deep and important to answer as yours :D What can anyone hope to accomplish by doing fake research? Progress, wealth, peer approval, mating, pleasure?
So answering that they hope to get more material for papers, which is the only goal of researchers (and their main KPI), is quite deeper an answer than the question required.
It's a near perfect example of the dangers of 'publish or perish'.
Why don't you read the article to find out? https://github.com/QiushiWu/QiushiWu.github.io/blob/main/pap...
They are sending BUGS, and wasting the time of people approving patches, in a useless and idiotic manner
They apparently made a tool to find vulnerabilities that could later lead to bugs if a different patch was introduced.
And for some insane reason, they decided to test if these kinds of bugs would be caught by inventing some and just submitting the patches, without informing anyone beforehand.
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc....
Perhaps they wish to improve kernel security by pushing reviewers to be more careful.
Or to prove its overall insecurity.