While his paper is about compilers, the concept is trust. How far can you trust anything? How far can what you trust, in turn, trust anything further down the line?
If you write your own programs, then you can be reasonably sure they have no backdoor. Do you also write your own compiler? How about the operating system? The motherboard? The CPU?
There's no end to trust. No matter how paranoid you are, eventually you have to take a leap of faith.
Much like with other types of partners, make sure you know what kind of content you will see, and what technology they will use. With some, perhaps you can limit what they deliver to a simple JPEG image file. With others, perhaps you can push your liability onto them by asking for assurance that the content is benign.
Trust is what's at stake. How much you trust your content provider and other partners needs to be cleared ahead of time and verified later on.
In your contract, make sure liability is clear. If you choose to accept only JPEG image files, then verify that's what they really are, and allow no other content. Remember, if you're not careful, it is your own face you will be defacing.
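One way to do that verification, as an added example that is not from the article: instead of trusting the file extension or the partner's declared content type, walk the JPEG marker structure and accept only files that really are JPEGs. The sample files below are constructed inline; the function names are this example's own.

```python
import struct

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
# DHT, JPG, DAC share the 0xC0..0xCF range but are not frame headers
NOT_SOF = {0xC4, 0xC8, 0xCC}


def is_real_jpeg(data: bytes) -> bool:
    """True only if `data` is structurally a JPEG: starts with SOI, consists of
    well-formed marker segments, declares a frame (SOFn) before Start-of-Scan,
    and ends with EOI. Name and declared MIME type are deliberately ignored."""
    if len(data) < 4 or data[:2] != SOI or data[-2:] != EOI:
        return False
    pos, seen_sof = 2, False
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return False           # junk (e.g. HTML/script) where a marker must be
        marker = data[pos + 1]
        if marker == 0xFF:         # fill byte, allowed by the spec
            pos += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2               # standalone markers carry no length field
            continue
        if marker == 0xD9:
            return False           # EOI before any image data
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            return False           # segment length lies about the file
        if marker == 0xDA:         # SOS: entropy-coded data follows
            return seen_sof
        if 0xC0 <= marker <= 0xCF and marker not in NOT_SOF:
            seen_sof = True
        pos += 2 + length
    return False


def accept_partner_content(filename: str, declared_mime: str, data: bytes) -> bool:
    """Allow-list of exactly one type; `filename` and `declared_mime` are
    untrusted partner input and play no part in the decision."""
    return is_real_jpeg(data)


# Constructed samples: a minimal 1x1 baseline JPEG, and three impostors.
GOOD_JPEG = (SOI
             + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0
             + b"\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00"          # SOF0
             + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                      # SOS
             + b"\x7f\x00" + EOI)
PNG_AS_JPG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
HTML_WITH_SOI = SOI + b"<script>alert(1)</script>" + EOI
EMPTY_SHELL = SOI + EOI   # valid markers, no image inside
```

Libraries that decode images are a stronger check still, but even this structural walk rejects anything that merely borrows a `.jpg` name or a `Content-Type: image/jpeg` header.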
Follow Gadi Evron on Twitter: http://twitter.com/gadievron
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading.