Reflections On Trusting Trust

Ken Thompson was awarded the Turing award in 1984 (yes, essentially 30 years ago) and as part of his acceptance speech, he presented his paper “Reflections On Trusting Trust“.  In it, he described a scenario in which a C compiler could be modified to provide a back-door into the login command at compilation time, as well as modifying future compilations of  C compilers to replicate this functionality.  Self replicating.

It outlines an import facet of software supply chain security, an issue that the DoD has recently become very interested in.