Comment by mkr-hn
12 years ago
I would expect Google and similarly enormous companies to have a process in place to keep rogue agents from inserting backdoors and malicious code.
12 years ago
I would expect Google and similarly enormous companies to have a process in place to keep rogue agents from inserting backdoors and malicious code.
You have to trust your developers. You can do audits, but the problem is intractably difficult. Developers have a TREMENDOUS amount of power. Trust is absolutely, utterly, irreconcilably fundamental to the job. If you cannot trust your developers, you are screwed every which way to Sunday. If your developers are compromised, you have to assume that your whole business is compromised.
While this another angle, I was referring to the fact that many people will see these engineers as immoral and spineless. I know that I would not hire the person who drew that smiley face or any of their accomplices.
And if you did hire that person, I would never trust you again with my business.
http://xkcd.com/898/