Accidentally, incomplete wording sneaked into the Conclusions chapter, as “integrity” instead of “integrity assurance”.
The following lines:
On the contrary, integrity of *artifacts* ...
is *at best* as good as the integrity of ...
shall be read as
"On the contrary, integrity assurance of *artifacts*" ...
"is *at best* as good as the integrity assurance of" ...
(an excerpt from a message to Dr. David A. Wheeler who researched countering the “trusting trust” attack)
also, even though not mentioned in ref, VSOBFS/SSSBEA-CODRB is applicable in a straightforward fashion to source code audition, to remove the concerns about trustability of the tools used to copy/compare/view the sources, by auditing the sources directly on the (diverse) installations where they are to be used
(end of excerpt)
Last modified: 2024-05-29