From a New York Times article on computer hackers this morning:

“One of the U.S. government’s biggest worries is that the attackers will place that source code back into products,” said George Kurtz, the chief technology officer at McAfee.

Excuse me? First, I’d like to know who in the U.S. Government provided a list of “biggest worries,” and second, it’s incredible to me that contaminated “source code” is even in the top 100 U.S. Government problems – Something tells me Afghanistan, health care, infrastructure and many others are a helluva lot closer to the top.

If George Kurtz truly believes what he was quoted as saying, and he’s the technology guru at McAfee, then I would strongly recommend the immediate uninstallation of all McAfee products from your PC immediately. You don’t want to run software from a company with nut jobs at the helm.

With the exception of scripts, computer code comes in two flavors, source code and executable – Source code is the human-readable instructions, and executable is the actual program that’s distributed online or on CD/DVDs.

Essentially, source code is the cookie recipe, and executable is the cookie itself. Imagine someone contaminating your chocolate chip cookie recipe by adding a line that says “Stir in 3 oz of chili pepper.”

The two problems with Kurtz’ argument are that first, contaminating source code would require access to the secure areas of the company. Source code is highly proprietary and considered company jewels. It’s not something that Joe Hacker has easy access to. If a hacker gets hold of your source code, you have much bigger problems than contaminated source code.

Second, mathematical calculations done on the source code before it’s converted to executable for distribution (called check sums or MD5 calculations) will catch the contamination. Much like tasting the cookie dough would catch the cookie recipe contamination.

Kurtz! Maybe you want to rephrase those interview sound bites?