How do you confirm that a train controller or any other piece of hardware does not contain a backdoor using industry standard software tools?

You can write whatever you want into a contract, but if you have no way to validate it, it's meaningless.

Also, the state-owned (and subsidized) Chinese company that doesn't have to play by the West's antitrust rules doesn't need to worry about your "contagion" concerns.

▲

jacquesm 8 hours ago | parent | next [-]

You rip it out and replace it with one that you can trust. And of course you hope you find all of them.

▲

LtWorf 11 hours ago | parent | prev [-]

> You can write whatever you want into a contract, but if you have no way to validate it, it's meaningless.

3rd party audit like everything else?

▲

bpt3 11 hours ago | parent [-]

Okay, if you want to pass responsibility off to someone else, how does the third party auditor do it?

I'm not talking about checking a compliance box, I'm talking about actually confirming no backdoor exists.

▲

jacquesm 8 hours ago | parent | next [-]

That's proving a negative. You are always going to end up with something like 'to the best of our ability'.

	▲	bpt3 5 hours ago \| parent [-]
		You figured it out. It's trivial to include a backdoor in a large system of systems, and one placed by a remotely competent adversary will not be found. So what's the point of a regulation that can't be enforced?

▲

LtWorf 4 hours ago | parent | prev [-]

So you claim it's never possible to audit anything?