by close04 2651 days ago
> it might be

This is the crux of the matter. While your statements are perfectly correct, their implications aren't. The assumption with open source is always that it's easily auditable and anyone can see the source (code, floorplan, etc.), which somehow implies the finished binary or chip that you have received is "safe". And herein lies the problem:

1) Assuming the source is really clean there's no guarantee the end product is;

2) Even if the source appears to be clean you have no guarantee it was actually (thoroughly) checked because "someone else" always checks.

The best example I can give you is OpenSSL, a library used by most of the internet and by hundreds of billion-dollar-plus companies (and hundreds of thousands of million-dollar-plus ones). It took 2 years for anyone to notice it. And there are far more qualified SW engineers around who could have spotted the bug than there are HW engineers capable of finding the equivalent backdoor in a complex piece of silicon. So I am very skeptical that someone would notice one if one was there.
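Point (1) in the comment above is the gap that a reproducible-build check is meant to close: rebuild the artifact yourself from the audited source and compare it byte for byte with what was shipped. The following is an added example, not code from the comment or from OpenSSL. The "source tree", the deterministic tar-based "build" step and the file names are constructed for illustration; a real project would substitute its actual build and the vendor's published artifact. It also shows the usual false alarm, a build that differs only in embedded timestamps, so that metadata noise is not mistaken for tampering.

```python
"""Verify that a shipped artifact really is what the audited source builds to.

Added example with constructed data. The 'build' is a deterministic tar pack
standing in for a compiler; the point is the comparison, not the packaging.
"""
import hashlib
import io
import tarfile

# Constructed source tree: this is what a reviewer can actually read and audit.
SOURCE = {
    "lib/tls.c": b"int handshake(void) { return 0; }\n",
    "lib/rand.c": b"int rand_bytes(unsigned char *b, int n) { return 1; }\n",
}

# Constructed 'tampered at build time' variant: the public source is unchanged,
# only the artifact the vendor ships was built from something else.
TAMPERED = dict(SOURCE, **{
    "lib/rand.c": b"int rand_bytes(unsigned char *b, int n) { return 0; }\n",
})


def build(source, mtime=0, uid=0, gid=0):
    """Deterministic 'build': pack files into a tar with normalized metadata.

    Sorted member order plus fixed mtime/uid/gid is what makes two builds of
    the same source byte-identical; passing a wall-clock mtime breaks that.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(source):
            data = source[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime
            info.uid, info.gid = uid, gid
            info.uname, info.gname = "", ""
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def digest(artifact):
    """SHA-256 of the whole artifact, the value a vendor would publish."""
    return hashlib.sha256(artifact).hexdigest()


def members(artifact):
    """Map member name -> (content, mtime, uid, gid) for a tar artifact."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(artifact), mode="r") as tar:
        for m in tar.getmembers():
            out[m.name] = (tar.extractfile(m).read(), m.mtime, m.uid, m.gid)
    return out


def verify(source, shipped):
    """Rebuild from the audited source and compare with the shipped artifact.

    Returns (ok, findings). findings lists each discrepancy and classifies it
    as a content difference (what a backdoor looks like) or metadata only
    (what a non-reproducible build looks like).
    """
    rebuilt = build(source)
    if digest(rebuilt) == digest(shipped):
        return True, []
    want, got = members(rebuilt), members(shipped)
    findings = []
    for name in sorted(set(want) | set(got)):
        if name not in got:
            findings.append(f"missing in shipped: {name}")
        elif name not in want:
            findings.append(f"extra in shipped: {name}")
        else:
            wc, wm, wu, wg = want[name]
            gc, gm, gu, gg = got[name]
            if wc != gc:
                findings.append(f"content differs: {name}")
            elif (wm, wu, wg) != (gm, gu, gg):
                findings.append(f"metadata only: {name}")
    return False, findings


if __name__ == "__main__":
    for label, shipped in [
        ("honest build", build(SOURCE)),
        ("tampered build", build(TAMPERED)),
        ("same source, wall-clock mtime", build(SOURCE, mtime=1700000000)),
    ]:
        ok, findings = verify(SOURCE, shipped)
        print(f"{label}: {'match' if ok else 'MISMATCH'} {findings}")
```

The whole-artifact digest is only the first test; when it fails, the per-member comparison is what tells you whether you are looking at a real divergence from the source or at a build that merely is not reproducible. The second case is common enough in practice that a verification process which stops at "hashes differ" will either cry wolf constantly or be switched off, which is exactly how "someone else checks" ends up meaning nobody does.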