A classic article that I finally read
The article "Reflections on Trusting Trust" is often mentioned in conversation and cited. I finally tracked down and read this classic, and it is indeed a classic of computer science. And typically for classics, it's short, clear, readable and impactful:
"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect." (from Reflections on Trusting Trust)