**Threat Model Shift**: Prior to Thompson’s work, I trusted code’s *source* (e.g., "free of Trojan horses"). Thompson’s self-reproducing compiler and hidden bugs reveal the real vulnerability: **trust hinges on *people*, not code**. Hidden dependencies (e.g., compilers) can be Trojan horses because *the same people wrote them*, so bugs persist until execution.

**Defense Strategy**:

1. **Chain of trust**: Build the program with a *trusted compiler* (e.g., FORTRAN to compile C code). If the top compiler is verified, all downstream code inherits trust.
2. **Digital signatures**: Sign source code to verify authorship (e.g., using RSA).
3. **Version control**: Track commits to detect hidden modifications (e.g., *commit history* to spot Stage III bugs).
4. **Self-checking**: Compile with multiple compilers (e.g., C → FORTRAN) to validate outputs.

This shifts focus from static analysis to validating the *trust chain* between tools and code, ensuring no hidden bugs in dependencies.
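The self-checking idea in item 4, as an added toy model that is not from the original text: it shows why rebuilding a compiler with itself cannot expose a self-reproducing Trojan, while rebuilding through an independent compiler and comparing hashes can (the technique known as diverse double-compiling, which the text above does not name). All sources, binaries and tags are constructed strings, and the model assumes deterministic builds and an independent compiler that does not carry the same Trojan.

```python
import hashlib

# Constructed stand-ins: a "source" is a string, a "binary" is "FMT<source>"
# plus any tag a subverted compiler appended. Nothing here is real code.
COMPILER_SRC = "cc.c (clean, reviewed compiler source)"
LOGIN_SRC = "login.c (clean, reviewed login source)"
TRUSTED_SRC = "altcc (independent compiler from a different toolchain)"

def run_compiler(binary: str, source: str) -> str:
    """Run a compiler *binary* on source; behaviour comes from the binary only."""
    fmt = "ALT" if TRUSTED_SRC in binary else "BIN"  # each compiler has its own output format
    out = f"{fmt}<{source}>"
    if binary.endswith("|TROJAN"):                   # Thompson-style subverted binary
        if source == COMPILER_SRC:
            out += "|TROJAN"                         # re-inserts itself (Stage III)
        elif source == LOGIN_SRC:
            out += "|BACKDOOR"                       # miscompiles the target program
    return out

def digest(binary: str) -> str:
    return hashlib.sha256(binary.encode()).hexdigest()

def self_rebuild_matches(suspect: str) -> bool:
    """Naive check: rebuild the compiler with itself and compare hashes."""
    return digest(run_compiler(suspect, COMPILER_SRC)) == digest(suspect)

def ddc_matches(suspect: str, trusted: str) -> bool:
    """Rebuild via the independent compiler, then compare with the suspect."""
    stage1 = run_compiler(trusted, COMPILER_SRC)  # same semantics, different bytes
    stage2 = run_compiler(stage1, COMPILER_SRC)   # bit-identical to an honest binary
    return digest(stage2) == digest(suspect)

HONEST = f"BIN<{COMPILER_SRC}>"
TROJANED = HONEST + "|TROJAN"
TRUSTED = f"ALT<{TRUSTED_SRC}>"

if __name__ == "__main__":
    for name, binary in (("honest", HONEST), ("trojaned", TROJANED)):
        print(name, "self-rebuild:", self_rebuild_matches(binary),
              "ddc:", ddc_matches(binary, TRUSTED))
```

Both binaries pass the self-rebuild check, which is the failure mode Thompson describes; only the comparison against the independently regenerated binary separates them.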