[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security - trust etc.. (Was: Reading e-mails on text mode)

On Mon, Aug 21, 2000 at 03:08:49PM -0400, Noah L. Meyerhans wrote:

> You can't.  Period.  Same goes for source.  Same goes for commercial
> binaries.  Same goes for any code you haven't read (or had someone you
> thoroughly trust read).

Agreed. However, the classic statement on the subject is even stronger:


It's Ken Thompson's "Reflections on Trusting Trust":

"The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will protect
you from using untrusted code."

Bob Bernstein
Esmond, R.I., USA    

Reply to: