martin

Thanks for the context. Btw, we do not subcontract any development.

tomorrow_maybe

Thanks for the reply. Just to add some context to this...

WinSCP is used by a very large number of Sys Admins. These guys have root access to huge numbers of systems.

WinSCP would be / is a prime target for exploitation, like the SolarWinds attack.

For example, if you subcontract code work out to third parties, and they get compromised, what happened with SolarWinds could happen to WinSCP.

Of course many in the IT ecosphere will be in this position too.

Maybe you only use libraries from OpenSSL and PuTTY, and Microsoft DLLs etc., which would be quite safe.

It's an emerging threat that all software developers should be aware of.

WinSCP is a fantastic project; it would be a tragedy if something bad happened.

Hope that makes sense.

martin

Re: WinSCP Code Integrity and Trustworthiness

Thanks for your post.
WinSCP uses trusted libraries and code bases, mainly OpenSSL and PuTTY.
IMO, both are reviewed and trustworthy.

tomorrow_maybe

WinSCP Code Integrity and Trustworthiness

Hello WinSCP

First of all, thank you for providing this excellent software to the community; millions of users have benefitted from your work.

Over the years WinSCP has developed into a widely respected and trusted tool.

However, recently many serious security issues have been observed in the software supply chain where malicious code has been surreptitiously embedded into legitimate programs, often by third-party coding vendors.

There is no suggestion whatsoever that WinSCP has suffered any such issues, and is a very highly regarded utility by the community.

Nevertheless, what assurances can be given to users in order to maintain confidence in the integrity of WinSCP, and what advice can be given to users to ensure what they download is trustworthy?

Thank you.