Reflections on Trusting Trust by Ken Thompson

I came across the classic Ken Thompson article from a 1984 issue of Communications of the ACM entitled “Reflections on Trusting Trust”. After he chooses to trojan the C compiler, the moral that he lays out is “You can’t trust code that you did not totally create yourself.” This is obviously a true statement, but I think the trust can and does translate well into the open source development model. You can have many different people working on the same code base, many people will therefore be perusing the code, and most projects use CVS for version control, which makes it easy to track what code is being committed (especially with auto-magic email diffs upon commit).
