this post was submitted on 12 Oct 2025
34 points (85.4% liked)
Programming
23631 readers
235 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Moral from the original ACM paper: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from com- panies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possi- bility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware mi- crocode. As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect."
And that's why it makes sense to use RISK-V processors made by yourself, instead of processors by other companies.
But make sure you have drawn the masks yourself and not used generating software by some other company, or there may be malicious changes done by them.
I didn't watch the video but thanks to you, I know it was on "Reflections on Trusting Trust".