A classic article that I finally read

Wednesday

Apr142010

The article "Reflections on Trusting Trust" is often mentioned in conversation and cited. I finally tracked down and read this classic, and it is indeed a classic of computer science. And typically for classics, it's short, clear, readable and impactful:

"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ peoplelike me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect." (from Reflections on Trusting Trust)

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

Post a New Comment

Enter your information below to add a new comment.

My response is on my own website »

Author:

Author Email (optional):

Author URL (optional):

Post:

↓ | ↑

Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Pito Salas' Blog