In this episode, John walks through Ken Thompson's "Reflections on Trusting Trust". He explains how this paper was the OG paper on Zero Trust written by one of the Godfathers of Unix in 1984.
Hello everybody.
Welcome to no other episode of John Hess Trust Issues where I discuss issues relevant to zero trust and authorization in a few minutes.
Today, I am talking about Ken Thompson's old paper now, 40 years old this year called Trusting Trust, or “Reflections on Trusting Trust”.
It's a great paper and what I consider the OG paper of Zero Trust, where Ken Thompson writes about how easy it is back in those days, uh, back in the 1980s to ride a Trojan horse and shows examples of a C code of riding a Trojan horse that self-propagates within the C compiler.
Now, at the end of his paper, he talks about how the ultimate form of Zero Trust is trusting code that only you yourself write.
And as I reflect on that, you know, the paper is called “Reflections on Trusting Trust.’
Even I don't even trust my own code sometimes.
So there you go. But anyway, yeah, it, it's worth the read, but the link is in the description and it's a great paper to take a look back 40 years ago and really look at one of the godfathers of the Unix operating system and his thoughts on Zero Trust, even though it was in call that back then.
All right, everybody. This episode was sponsored by StrongDM talking about Zero Trust, the Continuous Zero Trust Authorization platform, and we'd love to talk to you.
Thank you very much, and we'll talk to you soon.
