On “Reflections on Trusting Trust”

In 1984, Ken Thompson wrote “Reflections on Trusting Trust”, and it is still valid today.

All students writing anything higher level than machine code (does anyone still do that?) should have an appreciation of what goes on at various points in the toolchain, and how it can be exploited at each of those levels.

The article can be read here and is also has some refelections on Open Source to consider.

Obfuscation can happen at many levels and nobody’s commits should be taken at face value – only vigilance in code reviews will keep everyone honest.

Oh, and apparently he implemented it, but never distributed the compiler.

Twitter Updates for 2011-09-26