A classic article that I finally read

The article “Reflections on Trusting Trust” is often mentioned in conversation and cited. I finally tracked down and read this classic, and it is indeed a classic of computer science. And typically for classics, it’s short, clear, readable and impactful:

“The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.” (from Reflections on Trusting Trust)
