Reflections on Trusting Trust

lore

securityprogramming

Ken Thompson's 1984 demonstration that a compiler can hide a self-propagating backdoor invisible in the source.

In his Turing Award lecture, Thompson described teaching a compiler to insert a login backdoor and to re-insert that same trick whenever it compiled a fresh compiler, so the malice survived even though no source contained it. The moral - you cannot fully trust code you did not write yourself, down to the tools - still anchors supply-chain security.

Also known as: the Thompson hack, trusting trust, compiler backdoor

All glossary entries