Security

Running the “Reflections on Trusting Trust” Compiler

Posted on October 25, 2023 | Loren Kohnfelder

In the Afterword of my book I mention Ken Thompson’s classic “Trusting Trust” paper showing how to embed a backdoor into an OS by compiling the compiler such that the modification is invisible in source code. [Read More]

security

On the Signature Reblocking Problem in Public Key Cryptosystems

Posted on May 30, 2023 | Loren Kohnfelder

In Chapter 5 of the book I write about my good fortunate meeting two of the RSA algorithm inventors at MIT, and collaborating with them. [Read More]

security

Learning from Log4j

Posted on December 14, 2021 | Loren Kohnfelder

With Log4j very much in the news, if I could update my new book by magic it would make a terrific real world example to write about because it ties together a number of topics in the book. [Read More]

security

A Wicked Problem

Posted on November 17, 2021 | Loren Kohnfelder

A wicked problem is one that is difficult to even clearly describe because of its diffuse and interconnected nature, and this is a useful lens to view software security. [Read More]

security

Vulnerabilities are Mistakes

Posted on November 9, 2021 | Loren Kohnfelder

Spilled coffee beans, breaking the sound barrier, and software security The Right Stuff is Tom Wolfe’s popular history of the US astronaut program, and it begins by recounting the early effort to break the sound barrier which involved such frequent crashes that there were weekly funerals for test pilots. [Read More]

security

Scope of the book

Posted on November 3, 2021 | Loren Kohnfelder

One big learning for me from writing a book on software security is realizing the importance of context to security. There was a constant challenge of discovering the right scope — what needs adding, and what can be cut to keep it concise. [Read More]

security

Root causes

Posted on November 1, 2021 | Loren Kohnfelder

Each time a high-profile software security bug is reported, I wonder how this happened yet again. I don’t expect vulnerabilities to approach zero any time soon, but still I’d like to know how this keeps happening over and over, so we can do better. [Read More]

security