WinSCP Code Integrity and Trustworthiness

Advertisement

tomorrow_maybe
Donor
Joined:
Posts:
2
Location:
UK

WinSCP Code Integrity and Trustworthiness

Hello WinSCP

First of all thank you for providing this excellent software to the community, millions of users have benefitted from your work.

Over the years WinSCP has developed into a widely respected and trusted tool.

However recently many serious secuirty issues have been observed in the software supply chain where malicious code has been surreptitiously embedded into legitimate programs, often by third party coding vendors.

There is no suggestion whatsoever that WinSCP has suffered any such issues, and is a very highly regarded utility by the community.

Nevertheless what assurances can be given to users in order to maintain confidence in the integrity of WinSCP, and what advice can be given to users to ensure what they download is trustworthy ?

Thank you.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
36,052
Location:
Prague, Czechia

Re: WinSCP Code Integrity and Trustworthiness

Thanks for your post.
WinSCP uses trusted libraries and code bases, mainly OpenSSL and PuTTY.
Imo, both are reviewed and trustworthy.

Reply with quote

tomorrow_maybe
Donor
Joined:
Posts:
2
Location:
UK

Thanks for the reply. Just to add some context to this....

WinSCP is used by a very large amount of Sys Admins. These guys have root access to huge amounts of systems.

WinSCP would be / is a prime target for exploitation, like the Solar Winds attack.

For example, if you sub contract code work out to third parties, and they get compromised, what happened with Solar Winds could happen to WinSCP.

Of course many in the IT ecosphere will be in this position too.

Maybe you only use libraries from OpenSSL, and PuTTY, and Microsoft DLL's etc, which would be quite safe.

It's an emerging threat that all software developers should be aware of.

WinSCP is a fantastic project, it would be a tragedy if something bad happened

Hope that makes sense

Reply with quote

Advertisement

You can post new topics in this forum