[trustable-software] Does Code Reuse Endanger Secure Software Development? [slashdot]

trustable at panic.fluff.org trustable at panic.fluff.org
Mon Dec 19 20:58:37 UTC 2016


On Mon, 19 Dec 2016, Paul Sherwood wrote:

> On 2016-12-19 15:52, John Ellis wrote:
>> I came across this post yesterday. Will be interesting to watch and
>> see how folks respond to the open question.
>> 
>> 
> https://it.slashdot.org/story/16/12/17/1751234/does-code-reuse-endanger-secure-software-development
>

I wonder if we shouldn't begin with the approach outlined by Ken Thompson


   https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

However, this does limit what might be created, and assumes that we are 
competent to assess our own deliveries of code.

Perhaps a more appropriate approach is like that of Fiat currencies
    https://en.wikipedia.org/wiki/Fiat_money

where the fact they are re-used and seen as value is enough for us to 
place our trust in them, as we are aware of who issued them.



-- 
========================================================================
Edmund J. Sutcliffe                     Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org>               Implemented and Communicated
<http://panic.fluff.org>                +44 (0) 7976 938841



