[dwheeler]

"Reflections on Trusting Trust" is really awesome; it's a very cogent discussion of the problems of subverted tools (like compilers).

If you read that, you should also take a look at my PhD dissertation which discusses how to counter it. It's "Fully Countering Trusting Trust Through Diverse Double-Compiling" (2009), available at: https://www.dwheeler.com/trusting-trust . It was discussed on Hacker News in 2016; here's the link: https://news.ycombinator.com/item?id=12666923

Another related work is the reproducible builds work; a good link is here: https://reproducible-builds.org/

[jdnc]

Yes, its one of my favorite papers. Thanks for the pointers, very useful.