First, I would expect that if someone like Ken Thompson says something like this there is more to the comment than you are going to get from the blurb. You really must read it.
Secondly, if you read it, you will recognize that what he is talking about is a real issue, particularly in the post-Snowden era and is totally relevant to the article. And his point really is that you can never be sure there isn't a backdoor planted somewhere in your software or hardware. Even if you write all the code yourself, it is still operating in an environment that you did not build.
Understanding this problem at its root is the beginning of an understanding into why depth is so important to IT security and why all our current approaches at trusted binaries are inadequate at least on their own.
Reading three pages by Ken Thompson takes effort. Retweeting some Snowden meme is easy.
What can you say to someone that thinks Ken Thompson has no relevance in the modern world or thinks he does not need to read something in order to judge if the one sentence he pulled out was taken out of context?
> What can you say to someone that thinks Ken Thompson has no relevance in the modern world or thinks he does not need to read something in order to judge if the one sentence he pulled out was taken out of context?
That those who do not understand UNIX (or history!) are destined to reinvent it badly (shamelessly stealing from Harry Spencer).
Secondly, if you read it, you will recognize that what he is talking about is a real issue, particularly in the post-Snowden era and is totally relevant to the article. And his point really is that you can never be sure there isn't a backdoor planted somewhere in your software or hardware. Even if you write all the code yourself, it is still operating in an environment that you did not build.
Understanding this problem at its root is the beginning of an understanding into why depth is so important to IT security and why all our current approaches at trusted binaries are inadequate at least on their own.