Trojan Source - Bad Characters Are Coming for Your Code

Explore a critical cybersecurity threat in this conference talk that unveils a technique for creating invisible vulnerabilities in source code. Discover how adversaries can manipulate text encoding to craft code that displays different logic to compilers than to human reviewers, posing a significant risk for supply chain attacks. Learn about the wide-ranging implications of these "evil encodings" across various subfields of computer science, including their potential to compromise production systems for toxic content identification and machine translation. Delve into a series of practical defenses that developers can implement to mitigate their exposure to this threat vector. Gain insights into the research process, coordinated disclosure efforts, and the resulting press coverage and developer tool updates. Examine the connections between this attack and adversarial examples in machine learning, and understand the broader implications for trusting source code. Access additional resources and explore future directions in this critical area of cybersecurity research.