points by ziddoap a year ago

For those who don't get the reference, there was an incident where security research by University of Minnesota students/professors was conducted without communicating with or receiving permission from anyone on the Linux side or from the Institutional Review Board (IRB).

It raised a lot of questions about conducting ethical security research on open source projects, whether security research of this nature counts as an "experiment on people" (which has a lot more scrutiny, obviously), etc.

"[...] Lu and Wu explained that they’d been able to introduce vulnerabilities into the Linux kernel by submitting patches that appeared to fix real bugs but also introduced serious problems."

https://cse.umn.edu/cs/linux-incident

https://www.theverge.com/2021/4/30/22410164/linux-kernel-uni...