People who use software have to just trust that the manufacturer is honest
There is no practical way to determine whether software really does what the manufacturer says it does, even if it is open source.
- Whether to provide APIs or SDKs that expose elemental technologies
- Whether to provide a platform that combines elemental technologies
- Whether to provide a service in which elemental technologies are concentrated
Why it's hard to trust software, but you mostly have to anyway
My long-time collaborator Richard Barnes[1] used to say
that "in security, trust is a four letter word", and yet the
dominant experience of using any software-based system—which is,
you know, pretty much anything electronic—is trusting the
manufacturer. Not only is there no meaningful way to determine what
software is running on a given device
without trusting the device, even when you download the software
yourself, verifying that it's not malicious is extraordinarily
difficult in practice and mostly you just end up trusting the vendor
anyway.
Obviously, most vendors are honest, but what if they're not?
https://educatedguesswork.org/posts/ensuring-software-provenance/


Seonglae Cho