Until recently, the federal government was hesitant to adopt open-source software due to a perceived ambiguity around its legal status as a commercial good. In 2009, however, the Department of Defense made it clear that open-source software products are on equal footing with their proprietary counterparts.
We agree, and the first section of our source code policy is unequivocal: We use open-source software, and we do so because it helps us fulfill our mission.
Open-source software works because it enables people from around the world to share their contributions with each other. The CFPB has benefited tremendously from other people’s efforts, so it’s only right that we give back to the community by sharing our work with others.
This brings us to the second part of our policy: When we build our own software or contract with a third party to build it for us, we will share the code with the public at no charge. Exceptions will be made when source code exposes sensitive details that would put the Bureau at risk for security breaches; but we believe that, in general, hiding source code does not make the software safer.
How did the so-called user account compromise result in root access? Care to explain?
I'm not privy to the details, but I expect disclosure will be forthcoming as soon as they've traced and patched whatever vulnerability was exploited.
The post on kernel.org states that it was possibly due to a compromised user account. They stated that they discovered it through some errors related to Xnest.
Kudos to the kernel.org team for their prompt action and immediate disclosure.