Hope it is obvious, still, always use the official WinSCP application and consider Verifying Integrity of the Installer.
- Petr
Post a reply
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
Topic review
- martin
Thanks for the context. Btw, we do not subcontract any development.
- tomorrow_maybe
Thanks for the reply. Just to add some context to this....
WinSCP is used by a very large amount of Sys Admins. These guys have root access to huge amounts of systems.
WinSCP would be / is a prime target for exploitation, like the Solar Winds attack.
For example, if you sub contract code work out to third parties, and they get compromised, what happened with Solar Winds could happen to WinSCP.
Of course many in the IT ecosphere will be in this position too.
Maybe you only use libraries from OpenSSL, and PuTTY, and Microsoft DLL's etc, which would be quite safe.
It's an emerging threat that all software developers should be aware of.
WinSCP is a fantastic project, it would be a tragedy if something bad happened
Hope that makes sense
WinSCP is used by a very large amount of Sys Admins. These guys have root access to huge amounts of systems.
WinSCP would be / is a prime target for exploitation, like the Solar Winds attack.
For example, if you sub contract code work out to third parties, and they get compromised, what happened with Solar Winds could happen to WinSCP.
Of course many in the IT ecosphere will be in this position too.
Maybe you only use libraries from OpenSSL, and PuTTY, and Microsoft DLL's etc, which would be quite safe.
It's an emerging threat that all software developers should be aware of.
WinSCP is a fantastic project, it would be a tragedy if something bad happened
Hope that makes sense
- martin
Re: WinSCP Code Integrity and Trustworthiness
Thanks for your post.
WinSCP uses trusted libraries and code bases, mainly OpenSSL and PuTTY.
Imo, both are reviewed and trustworthy.
WinSCP uses trusted libraries and code bases, mainly OpenSSL and PuTTY.
Imo, both are reviewed and trustworthy.
- tomorrow_maybe
WinSCP Code Integrity and Trustworthiness
Hello WinSCP
First of all thank you for providing this excellent software to the community, millions of users have benefitted from your work.
Over the years WinSCP has developed into a widely respected and trusted tool.
However recently many serious secuirty issues have been observed in the software supply chain where malicious code has been surreptitiously embedded into legitimate programs, often by third party coding vendors.
There is no suggestion whatsoever that WinSCP has suffered any such issues, and is a very highly regarded utility by the community.
Nevertheless what assurances can be given to users in order to maintain confidence in the integrity of WinSCP, and what advice can be given to users to ensure what they download is trustworthy ?
Thank you.
First of all thank you for providing this excellent software to the community, millions of users have benefitted from your work.
Over the years WinSCP has developed into a widely respected and trusted tool.
However recently many serious secuirty issues have been observed in the software supply chain where malicious code has been surreptitiously embedded into legitimate programs, often by third party coding vendors.
There is no suggestion whatsoever that WinSCP has suffered any such issues, and is a very highly regarded utility by the community.
Nevertheless what assurances can be given to users in order to maintain confidence in the integrity of WinSCP, and what advice can be given to users to ensure what they download is trustworthy ?
Thank you.