To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.

— Ken Thompson

Reflections on Trusting Trust

backdoor in upstream xz/liblzma leading to ssh server compromise

Timeline of the xz open source attack

Scary SSH backdoor malware in Linux supply chain: How to find and fix it!

Fallout from XZ/SSH supply chain attack continues