by bakedbeanz 1875 days ago
Researchers associated with UMN intentionally submitted patches to the Linux kernel with vulnerabilities in them as an experiment. OSS maintainers shouldn't have to be the unwitting test subjects of experiments and have their time wasted (or worse, have vulnerabilities make it into their source code) so that researchers can write a paper about it.
1 comments

Another key detail is that the experiment was carried out without having been submitted to or reviewed by the IRB.
I feel it should almost be mentioned: it seems to me that the students did this on the existing reputation of the University. The University had been contributing and was generally trusted, so maintainers were reviewing the code based on that reputation.
Until we have the detailed methodology of the experiment, it does not seem to have been the case (it looks like they used randomized email addresses).

The only bad patch that can be traced to the university was from one student who tried to coerce their way to patch acceptance by invoking slander and accusing the reviewer of other kinds of despicable behavior, which ignited the whole drama (although it started way before that, said student didn't help with the already delicate situation and brought public awareness to the drama).