alt Hacker NewsNASA describes some impressive work for runtime integrity, but the lack of mention of build-time security is surprising.
I would expect to see multi-party-signed deterministic builds etc. Anyone have any insight here?
NASA describes some impressive work for runtime integrity, but the lack of mention of build-time security is surprising.
I would expect to see multi-party-signed deterministic builds etc. Anyone have any insight here?
What would the threat profile be here to require that? Regardless, I'd be a little surprised if they didn't have anything like that; provenance is very important in aerospace, with hardware tracked to the point that NTSB investigators looking at a crash can tell what ingot a bolt was made from