Critical devices should either be simple, or they should run open source firmware. If governments had required the ability to audit the IC designs that go into medical, military and national infrastructure equipment, then we would now have open source ICs.
I am seeing an incredible resistance to this idea of increasing the situational awareness and capabilities of the people who provision and maintain large deployments. Perhaps it is too soon to propose solutions. Perhaps, today, we should just express solidarity with the victims, and try to warn operators of unaffected, but vulnerable systems to temporarily take them offline.
My apologies to those that I have offended. As a software developer who has struggled for years to articulate the need for transparency and simplicity in our systems, I feel very frustrated right now.