
Trust in programming October 21, 2013

Posted by bkrugman in Security.

In Mr. Ken Thompson’s lecture “Reflections on Trusting Trust”[1], I think he shows a couple of points. One is very obvious from reading his paper and the other is not so obvious. The first point is something that I think a lot of developers and technical people tend to forget or take for granted: not everyone in the world is always a good guy. What I mean by this is that there will always be people in the world who will write code and modify code to allow for some form of access. What a person does with that access, or what they do once they find the access, is where I think morality should step in, but in some cases it does not. Some large companies try to curb the malicious behavior of people once a bug, Easter Egg, or gap within application code is found by offering money for reporting the issue rather than exploiting or publishing it. However, this goes into my second point that I got from Mr. Thompson’s lecture.

People that the media deems hackers are kids or people who want to use issues and people’s trust for negative ends. In my opinion, a hacker is someone who is out to gain knowledge by trying to access systems through unconventional means and to try to build a better application. Hackers are the people that will try to exploit a system, but then inform the company of the exploit to try to better the overall system. By exploiting the system they are gaining knowledge, which I believe is at the root of a real hacker’s motivation.

Both of my points play into trust in programming in that, as Mr. Thompson mentioned, a person should never trust code unless they wrote it. While companies like Microsoft, Google, and Apple might be trustworthy, there will always be some code, whether compiled or un-compiled, that can execute just like his examples did by self-replicating. While more people in the world are developing applications for smart devices, personal computers (both Windows and Apple), and the Web, people would always be somewhat cautious of what they run and who it is from.

[1] Thompson, Ken. “Reflections on Trusting Trust.” Communications of the ACM, Volume 27, Issue 8, Aug 1984.
