But, as we learned from the famous Ken Thompson paper "Reflections on Trusting Trust," we need to be very aware of what we are trusting and why we are trusting it. Compilers can be compromised, for example, so that even otherwise secure software can end up having weaknesses in it.
That means we need to place an extra emphasis on our security testing of code that matters (to us). Things like dynamic validation testing to verify that our security requirements are indeed being faithfully executed simply must be done.
As a community, our "security virginity" is lost — if ever we had it in the first place. We can no longer merely rely on things like SSL/TLS to keep our data (in transit) secure. We have to question everything, and we have to double-check our work to ensure that even the most basic levels of trustworthiness are being met.
It is a sad state of affairs that has brought us to this point, and restoring our confidence is going to require a tremendous and concerted effort. We cannot simply go back to the status quo and hope for the best.
But if we focus our top-down and bottom-up efforts appropriately, perhaps we can bore a tunnel from both ends and actually meet halfway across, much as they built the Chunnel years ago. But, unlike the Chunnel, we don't only have to span the English Channel. We have to span the Atlantic Ocean, the Pacific Ocean, the Indian Ocean, the...