[trustable-software] Does Code Reuse Endanger Secure Software Development? [slashdot]
trustable at panic.fluff.org
trustable at panic.fluff.org
Mon Dec 19 20:58:37 UTC 2016
On Mon, 19 Dec 2016, Paul Sherwood wrote:
> On 2016-12-19 15:52, John Ellis wrote:
>> I came across this post yesterday. Will be interesting to watch and
>> see how folks respond to the open question.
>>
>>
> https://it.slashdot.org/story/16/12/17/1751234/does-code-reuse-endanger-secure-software-development
>
I wonder if we shouldn't begin with the approach outlined by Ken Thompson
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
However, this does limit what might be created, and assumes that we are
competent to assess our own deliveries of code.
Perhaps a more appropriate is like that of Fiat currencys
https://en.wikipedia.org/wiki/Fiat_money
where the fact they are re-used and seen as value is enough for us to
place our trust in them, as we are aware of who issued them.
--
========================================================================
Edmund J. Sutcliffe Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org> Implemented and Communicated
<http://panic.fluff.org> +44 (0) 7976 938841
More information about the trustable-software
mailing list